ietf-asrg

Re: [Asrg] Meta channel, not bounces (was: Re: where the message originated)

2009-01-15 10:45:43
On Wed, Jan 14, 2009 at 06:12:23PM +0100, Alessandro Vesely wrote:
> 599 Bounce to postmaster. What would be wrong if it existed? (I mean,
> besides how hard it would be to reliably introduce it now.)

I think -- even if there was widespread concurrence that it's a great
idea -- "years" would be the timeline.

And I'm not sure it's advisable or even worth it.  Let me explain:

I tend to loosely group mail system operators into two ad hoc categories:
the first read "postmaster" mail, examine their inbound/outbound logs,
run statistics on them, note anomalies, investigate them, and are pretty
much invisible to me because their systems are rarely, if ever, a problem.
The second don't have a working "postmaster" address, pay no attention to
their logs, complain vociferously when [correct] allegations of problems
are made, and as a consequence, are a major irritant.

Those in the first group are likely to know before you need to
tell them.  They'll note an unusually high number of 5XX responses
to outbound traffic, investigate, and figure it out.  Those in the
second group will ignore you (most likely) or deny the facts,
or accuse you of some malicious act, or something less pleasant.

So there's little need to tell the first and little point in telling
the second.

> > Among other things, "malicious" isn't universal.  And anti-virus software
> > does not have a 0% FP rate.)
>
> I agree it cannot be 0%, but better than 0.000001% is expected.

I think that's hopelessly optimistic in real-world settings.  I routinely
see a handful of FP's every month -- then again, I tend to send out mail
talking about spam and phishes and so on, which most people don't.
Also see Chris's excellent explanation, which I think is roughly
typical of that at many large sites (it's certainly similar to the
large sites I've worked on).

Besides: AV vendors issue incorrect signatures, people misconfigure
their mailers (I've seen multiple instances of reversed tests), networks
fail, routers hiccup, DNS botches, and so on.  There are so many things
that go wrong that our only chance at diagnosis and repair relies on
appropriate error messages.

> Why don't we have a meta channel for those cases? Some bounces should be
> sent to postmasters, who can then send more meaningful DSNs, possibly
> after seeking the relevant message-ID in their logs, and fix the problem.

Bounces are a bad idea because they add still more SMTP traffic, they
can easily be abused to conduct DDoS attacks, and because of the
situation outlined above.

---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
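
Added example, not part of the original message: a sketch of the outbound-log check the message attributes to attentive operators, counting 5.x.x results per destination domain and separating 5.7.x (security or policy status, where an AV or filter rejection would show up) from other permanent failures. The log lines are constructed, simplified Postfix-style entries, and the thresholds and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: simplified Postfix-style outbound delivery lines.
SAMPLE_LOG = """\
Jan 15 10:01:02 mx postfix/smtp[101]: A1: to=<a@example.net>, relay=mx.example.net[192.0.2.1]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 15 10:01:09 mx postfix/smtp[102]: A2: to=<b@example.net>, relay=mx.example.net[192.0.2.1]:25, dsn=5.7.1, status=bounced (550 5.7.1 rejected by content filter)
Jan 15 10:02:11 mx postfix/smtp[103]: A3: to=<c@example.net>, relay=mx.example.net[192.0.2.1]:25, dsn=5.7.1, status=bounced (550 5.7.1 rejected by content filter)
Jan 15 10:02:40 mx postfix/smtp[104]: A4: to=<d@example.net>, relay=mx.example.net[192.0.2.1]:25, dsn=5.7.1, status=bounced (550 5.7.1 rejected by content filter)
Jan 15 10:03:00 mx postfix/smtp[105]: A5: to=<e@example.org>, relay=mx.example.org[192.0.2.2]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 15 10:03:05 mx postfix/smtp[106]: A6: to=<f@example.org>, relay=mx.example.org[192.0.2.2]:25, dsn=5.1.1, status=bounced (550 5.1.1 user unknown)
Jan 15 10:03:30 mx postfix/smtp[107]: A7: to=<g@example.org>, relay=mx.example.org[192.0.2.2]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 15 10:04:00 mx postfix/smtp[108]: A8: to=<h@example.com>, relay=mx.example.com[192.0.2.3]:25, dsn=5.1.1, status=bounced (550 5.1.1 user unknown)
"""

LINE_RE = re.compile(
    r"to=<[^>@]+@(?P<domain>[^>]+)>.*?\bdsn=(?P<dsn>\d\.\d+\.\d+), status=\w+"
)

def summarize(log_text):
    """Per destination domain: deliveries seen, 5.x.x count, 5.7.x count."""
    stats = defaultdict(lambda: {"total": 0, "perm": 0, "policy": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a delivery-result line
        s = stats[m["domain"].lower()]
        s["total"] += 1
        if m["dsn"].startswith("5."):
            s["perm"] += 1
            if m["dsn"].startswith("5.7."):
                s["policy"] += 1
    return dict(stats)

def anomalies(stats, min_total=3, max_rate=0.5):
    """Domains with enough traffic whose permanent-failure rate is too high.

    min_total and max_rate are assumed thresholds; tune against a baseline.
    """
    flagged = []
    for domain, s in sorted(stats.items()):
        if s["total"] >= min_total and s["perm"] / s["total"] > max_rate:
            mostly_policy = s["policy"] * 2 >= s["perm"]
            kind = "policy/content rejection" if mostly_policy else "addressing or other"
            flagged.append((domain, s["perm"], s["total"], kind))
    return flagged

if __name__ == "__main__":
    for row in anomalies(summarize(SAMPLE_LOG)):
        print("%s: %d of %d deliveries refused (%s)" % row)
```

A single refused message to a low-volume domain stays below `min_total` and is not flagged; only a sustained pattern to one destination is.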