At 11:06 AM +0200 9/11/04, Florian Weimer wrote:
> Only badly
> configured MTAs (or poorly outdated MTA software such as qmail) send
> NDRs for unknown users
That's not really true. There are a lot of situations where a
world-facing MX is not the final delivery point or last transport hop
for mail and in any such situation it is possible for delivery
failures to occur later on. It would be a serious blow to the
reliability and deterministic behavior of mail for all complex mail
systems to forego bounces.
> or messages containing malware.
Accepting a message and later bouncing it based on any determination
that the content indicates that the sender is untrustworthy is a
gross misdesign. That goes for malware or spam filters. If the
messages cannot be scanned at the border synchronously with the SMTP
session (i.e. in the DATA phase) and rejected at that point, any bad
content determination made later should extend to distrust of any of
the standard RFC282[12] indications of who sent it.
I believe that reality is a bad thing for mail. There are cases where
the sender on spam or malware mail is not forged or where the
determination of ill-intentioned content is in error. Bouncing those
would make sense. Unfortunately it is impossible for filters to know
when they have misfired or for malware filters to be 100% certain
that a 'signature' match provides assurance of what the discovered
malware is or does. SPF and other MARID schemes could make it much
safer to generate such bounces and be assured that they are not
targeted at innocent parties.
> These MTAs
> won't get magically fixed once there's a new RFC.
Some systems where the bad bounces are a matter of necessity rather
than misdesign can certainly be 'fixed' by a usable mechanism for
validating envelope senders synchronously at the border. The
robustness issues involved with ordaining that all mail receiving
systems implement all of their reasons for not delivering mail
synchronously at their exterior borders are real and can override
concerns over occasional misdirected bounces. MARID schemes,
including SPF, offer relatively lightweight ways to reduce the chance
of misdirected bounces.
I'm a bit surprised that memories are so short. It is not so long ago
that a large fraction of spammers were using completely bogus domains
in envelope sender addresses. For a while this meant that early
adopters of the practice of validating the theoretical mailability of
domain parts could reject large amounts of spam before the DATA phase
with total assurance that every rejection was justified. Spammers
adjusted by switching to forged addresses and the tactic of using a
whole lot of different disposable domain names of their own. The
latter is a dead end for them, and it would be very helpful (at least
until they figure out some other approach) to close off the option of
forgery.
I wish there was a better alternative to an arms race, but I don't
think there is. Arms races are not always eternal and don't always
end badly.
--
Bill Cole
bill(_at_)scconsult(_dot_)com
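The border-MTA behaviour argued for above (refuse unknown users, unmailable sender domains and bad content with a 5xx reply inside the SMTP session, so no NDR is ever generated toward a possibly forged envelope sender), as an added toy model that is not part of the thread. The DNS table, mailbox directory and content marker are constructed stand-ins so it runs offline.

```python
# Constructed stand-in for MX/A lookups on the envelope sender's domain.
MAILABLE_DOMAINS = {"example.com", "example.net"}
# Constructed local user directory consulted at RCPT TO time.
LOCAL_MAILBOXES = {"alice@example.com", "bob@example.com"}
# Constructed marker standing in for a malware/spam signature match.
BAD_CONTENT_MARKERS = ("CONSTRUCTED-MALWARE-MARKER",)


def check_mail_from(sender: str) -> tuple[int, str]:
    """MAIL FROM: accept the null sender (bounces) and any mailable domain."""
    if sender == "<>":
        return 250, "2.1.0 null sender accepted"
    if "@" not in sender:
        return 501, "5.1.7 bad sender address syntax"
    domain = sender.rsplit("@", 1)[1].lower()
    if domain not in MAILABLE_DOMAINS:
        return 550, "5.1.8 sender domain does not accept mail"
    return 250, "2.1.0 sender ok"


def check_rcpt_to(rcpt: str) -> tuple[int, str]:
    """RCPT TO: unknown users are refused here, never bounced later."""
    if rcpt.lower() not in LOCAL_MAILBOXES:
        return 550, "5.1.1 no such user"
    return 250, "2.1.5 recipient ok"


def check_data(body: str) -> tuple[int, str]:
    """End of DATA: scan while the session is open, so a 550 reaches the
    connected client instead of an NDR going to the envelope sender."""
    if any(marker in body for marker in BAD_CONTENT_MARKERS):
        return 550, "5.7.1 message content rejected"
    return 250, "2.0.0 queued"


def smtp_session(sender: str, rcpts: list[str], body: str) -> list[tuple[str, int, str]]:
    """Run the phases in order and stop at the first refusal; every decision
    is made before the session ends, so nothing is left to bounce later."""
    log = []
    code, text = check_mail_from(sender)
    log.append(("MAIL FROM", code, text))
    if code >= 400:
        return log
    accepted = 0
    for rcpt in rcpts:
        code, text = check_rcpt_to(rcpt)
        log.append(("RCPT TO", code, text))
        accepted += code == 250
    if accepted == 0:
        log.append(("DATA", 503, "5.5.1 no valid recipients"))
        return log
    code, text = check_data(body)
    log.append(("DATA", code, text))
    return log
```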
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg