Well, regardless of who is pointing the finger at who, the fact
remains that:
1) an infected E-mail is being passed on to someone who quite likely
had NOTHING to do with sending it, nor did they probably have any
control over the system(s) that did;
True in the scenario outlined. But there is no way for the host
issuing the SMTP-level reject to know, in general, that that is the
case; whether a bounce to anyone is generated is up to the SMTP
client's software. (Direct-to-MX spamware, for example, generally does
not generate bounces in reaction to rejections.)
Furthermore, even the best malware detection FPs at least occasionally.
If my mail to my friend produces a FP, the _last_ thing I want is for
it to silently vanish. (Furthermore, the presence of malware does not
necessarily mean the mail is unwanted or shouldn't be delivered; I have
no trouble imagining researchers mailing samples to one another. Yes,
they _can_ encrypt them or some such, but I see no a priori reason they
should have to.)
2) [...]
3) [...]
First of all, ultimately the ONLY authority which TRULY determines
FOR A FACT whether a given piece of e-mail is unwanted or not is the
final recipient.
If there is one. A lot of spam, and probably a nontrivial amount of
malware-bearing email, has no existent addresses anywhere in the
envelope (often, not in the headers either). Who is the "final
recipient" of such a message?
Note that this is not unlike the way most of us actually handle "spam
triage" in our inboxes now: we look to see mail coming from
unfamiliar senders, or unfamiliar subjects, or for that matter common
spam-type subject lines.
Who's this "we"? That's certainly not how I triage my email; the first
thing I look at for most of the mail that reaches my mailbox is the
beginning of the body. At least a moderate fraction of my mail I never
read the Subject: or From: of at all.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse(_at_)rodents-montreal(_dot_)org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg