from Vol 523
Despite the recent phenomenal increase in spam, there is still
massive opposition to *doing* anything about the problem. I remain,
as always, amazed. [..] There are plenty of people willing to do
something about it but
talking isn't doing, is it? This place can never solve or even stem
the problem. It's a research group, research. Not design or
Hi,
I've been lurking on this list for a couple of days, trying to figure
out of this is the best place to bring this idea up (someone
recommended when I posted to the news.admin.net-abuse.email group).
I have in the past gotten an awful lot of "Mail undeliverable"
message from the daemon, with attached virus code in raw hex. I have
been told that some of the worms will send out email that looks like
such a mail daemon error. This could be, but I got the impression here
that some worm had sent out copies of itself to a bunch of addresses,
with my address in a spoofed From: header, and that for those addresses
that had been cancelled, or did not exist (I've noticed that many
worms/spammers appear to send junk to several "variants" of a
particular address). Then the mail (ALL of it, including the attached
worm code in raw hex) is bounced back to me (the spoofed sender).
This would not be TOO annoying (any more than any other worm/spam
is), except that the attachments are usually anywhere from 30-150KB in
size, and I'm still on a dial-up line (to say nothing of the bandwidth
these bounces use as they travel through the Internet).
Furthermore, the attachments (even if they were legitimate
attachments) are useless, since they are bounced by the daemon in raw
hex format, and thus are not interpretable to most email readers. If a
legitimate attachment got bounced, the original sender should logically
have a copy of it still around. So why is the raw hex even left in the
bounce message? To copy it there seems to me to server no purpose,
other than to provide more incentive for people like me to get DSL
(maybe a good thing, but that's another matter entirely), and clog the
internet trunks (which is already happening, and may or may not matter,
especially after the fiber glut of the late '90s)
Does anyone else think this makes sense and that the RFC for mailer
daemons should therefore be changed (or a new RFC proposed, or however
the process goes, I'm new to this, as you can tell..)
Thank you,
Jim Witte
jswitte(_at_)bloomington(_dot_)in(_dot_)us
Indiana University Cog Sci/Comp Sci
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg