ietf-mxcomp

RE: Point of Order: Incomplete, flawed response to MARID WG Charter

2004-08-19 17:28:43

If the sending MTA is a virus with its own SMTP engine, then the 5xx or 4xx DOES prevent backscatter, because the virus does nothing with the error.

Similarly, if the sending MTA is the direct connection from a spammer, backscatter is prevented.

It is my experience that most viruses with built-in MTA engines do direct connect rather than try to relay through a third party.  If they do relay, they can be tracked and shut down manually (or by heuristics/volume rules on the relay).

I am not sure what the normal is for spammer direct connects (from either the spammer's server or the spammer's drone; either way doesn't matter).

But I am sure the majority of bad bounces my users get are the result of forged mail-froms of spam and virus infections.  Now that I have implemented DNSBLs the spam has gone down a lot, but the virus bounces have not.

Ultimately, if the SENDING MTA is the actual source of the forged Mail-from, then SPF with a 5xx or 4xx code does stop backscatter.


Terry Fielder
Manager Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
terry(_at_)greatgulfhomes(_dot_)com
Fax: (416) 441-9085


-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Roy Badami
Sent: Thursday, August 19, 2004 7:57 PM
To: John Glube
Cc: 'Daryl Odnert'; 'Chris Haynes'; 'Harry Katz'; 'IETF MARID WG'
Subject: RE: Point of Order: Incomplete, flawed response to MARID WG Charter



"John" == John Glube <jbglube(_at_)sympatico(_dot_)ca> writes:

    John> * Sender-ID does not call for receiving MTAs to do an SMTP
    John> Mail From check in the absence of PRA.

    John> However, we know as has been pointed out by doing so, this
    John> aids in the prevention of one form of 'backscatter' as
    John> pointed out by Chris and helps to minimize the risk of false
    John> positives, as has been pointed out by Meng.

I'm still very confused.

I don't see how giving an SMTP 5xx to mail in response to a forged
MAIL FROM helps prevent backscatter.  Giving a 5xx response to a
forged MAIL FROM pretty much guarantees backscatter (the upstream MTA
will bounce the message to the forged MAIL FROM).

The only way to prevent backscatter would be to accept and silently
discard the message, and that would involve throwing away the
long-established principle of reliable mail delivery, permanently
harming the Internet infrastructure for short term gain.

There seems to be this myth circulating that SPF prevents backscatter
because it checks the MAIL FROM.  This just doesn't hold water: the
effect of SPF is to cause all forged messages to bounce; it increases
backscatter.

This issue is a red herring.  In a world where MAIL FROM is often
forged, _all_ 5xx rejections (or indeed 4xx rejections) result in
backscatter.  There is nothing we (here, in this WG) can do about
this.  Other people are working on the problem; let's move on.

      -roy
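
An added example, not part of either message: a small Python model of the question this thread argues over, namely which party ends up generating a bounce to the (forged) MAIL FROM address depending on what the receiving MTA does and what kind of client handed it the message. The `Hop` type, the `bounce_for` function, the action names and the addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Hop:
    name: str
    sends_dsn: bool  # True: standards-following MTA; False: virus/spamware SMTP engine

def bounce_for(path, envelope_from, receiver_action):
    """Return (generator, recipient) of the bounce a failed delivery causes, or None.

    path: hops that handled the message before the receiving MTA, origin first.
    receiver_action: 'reject' (4xx/5xx inside the SMTP session),
                     'accept_then_bounce', or 'discard'.
    """
    if receiver_action == "discard":
        return None  # nobody is told; reliable delivery is given up
    if receiver_action == "accept_then_bounce":
        # The receiver accepted responsibility, so it generates the bounce itself.
        return ("receiver", envelope_from)
    if receiver_action != "reject":
        raise ValueError(receiver_action)
    # On a rejection, responsibility stays with the connecting client.
    client = path[-1]
    return (client.name, envelope_from) if client.sends_dsn else None

def is_backscatter(bounce, forged):
    """A bounce is backscatter when it goes to an address the sender forged."""
    return forged and bounce is not None

# Constructed sample data.
VICTIM = "victim@example.org"            # forged MAIL FROM
virus = Hop("virus-engine", sends_dsn=False)
relay = Hop("isp-relay", sends_dsn=True)

if __name__ == "__main__":
    cases = {
        "direct connect, reject": bounce_for([virus], VICTIM, "reject"),
        "via relay, reject": bounce_for([virus, relay], VICTIM, "reject"),
        "direct connect, accept then bounce": bounce_for([virus], VICTIM, "accept_then_bounce"),
        "via relay, discard": bounce_for([virus, relay], VICTIM, "discard"),
    }
    for label, bounce in cases.items():
        print(f"{label:36} -> {bounce}  backscatter={is_backscatter(bounce, True)}")
```
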


