Re: [Asrg] Meta channel, not bounces
2009-01-15 13:38:35
Rich Kulawiec wrote:
On Wed, Jan 14, 2009 at 06:12:23PM +0100, Alessandro Vesely wrote:
599 Bounce to postmaster. What would be wrong if it existed? (I mean,
besides how hard it would be to reliably introduce it now.)
I think -- even if there was widespread concurrence that it's a great
idea -- "years" would be the timeline.
Yup, that's why I said "if it already existed".
And I'm not sure it's advisable or even worth it. Let me explain:
I tend to loosely group mail system operators into two ad hoc categories:
[attentive vs. lame postmasters dissection dissertation]
So there's little need to tell the first and little point in telling
the second.
Yet, attentive postmasters are not omniscient. They need a data feed.
I agree it cannot be 0%, but better than 0.000001% is expected.
I think that's hopelessly optimistic in real-world settings.
Not for an AV filter. People routinely scan their hard disks with AV;
perhaps they miss some viruses, but no legitimate software is
quarantined. Obviously bugs exist, and FPs are a particular kind of
bug for an AV package. I never saw one, but each AV vendor should have
a list of open issues, and possibly also of the closed historical records.
SMTP implementation also have bugs. However, when discussing the
protocol we take it for granted that they can be fixed.
Also see Chris's excellent explanation, which I think is roughly
typical of that at many large sites (it's certainly similar to the
large sites I've worked on).
Chris said their filter is not able to distinguish viruses from
generic malware. Otherwise, for viruses they could issue a "599 Don't
bounce this dangerous content to the user" after data transfer, if
that code existed...
Besides: AV vendors issue incorrect signatures, people misconfigure
their mailers (I've seen multiple instances of reversed tests), networks
fail, routers hiccup, DNS botches, and so on. There are so many things
that go wrong that our only chance at diagnosis and repair relies on
appropriate error messages.
Having an appropriate error message is not enough. It is also
necessary to deliver that message to the right operator. Delivering
error messages to end users may be counter productive. For a non-viral
example, what can users do if their mail is bounced because of bad
DKIM signatures?
Why don't we have a meta channel for those cases? Some bounces should be
sent to postmasters, who can then send more meaningful DSNs, possibly
after seeking the relevant message-ID in their logs, and fix the problem.
Bounces are a bad idea because they add still more SMTP traffic, they
can easily be abused to conduct DDoS attacks, and because of the
situation outlined above.
That's exactly why I proposed a meta channel: to direct error messages
to someone who can act appropriately.
Some large sites have established feedback loops whereby a message is
"bounced" to some postmaster. Apparently, they are mainly meant for
"this is spam" actions. However, the ARF format (quite similar to DSN)
provides fields for reporting bad DKIM signatures. I don't know at
what level such bounces could be generated. It is technically possible
to generate them right after the data transfer, just like for viral
content. If we recognize that viruses are a problem, don't they
deserve using that meta channel as well? This leaves us wondering how
can such a meta channel be established for small and medium sites as
well...
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] where the message originated, (continued)
- Re: [Asrg] where the message originated, David Wilson
- Re: [Asrg] where the message originated, Rich Kulawiec
- Re: [Asrg] where the message originated, David Wilson
- Re: [Asrg] where the message originated, Rich Kulawiec
- Re: [Asrg] where the message originated, David Wilson
- Re: [Asrg] where the message originated, Rich Kulawiec
- Message not available
- Re: [Asrg] virus detectors, was where the message originated, SM
- Re: [Asrg] virus detectors, was where the message originated, Franck Martin
- [Asrg] Meta channel, not bounces (was: Re: where the message originated), Alessandro Vesely
- Re: [Asrg] Meta channel, not bounces (was: Re: where the message originated), Rich Kulawiec
- Re: [Asrg] Meta channel, not bounces,
Alessandro Vesely <=
- Re: [Asrg] Meta channel, not bounces, Rich Kulawiec
- Re: [Asrg] Meta channel, not bounces, Chris Lewis
- Re: [Asrg] Meta channel, not bounces, Franck Martin
- Message not available
- Re: [Asrg] Meta channel, not bounces, Alessandro Vesely
- Message not available
- Re: [Asrg] Meta channel, not bounces, Rich Kulawiec
- Message not available
- Re: [Asrg] Meta channel, not bounces, Chris Lewis
- Message not available
- Re: [Asrg] Meta channel, not bounces, Chris Lewis
- Message not available
- Re: [Asrg] Meta channel, not bounces (was: Re: where the message originated), Rich Kulawiec
- Re: [Asrg] Meta channel, not bounces, Chris Lewis
- Re: [Asrg] Meta channel, not bounces (was: Re: where the message originated), SM
|
|
|