On Mon, 30 Aug 2004 22:12:11 -0700, Harry Katz
<hkatz(_at_)exchange(_dot_)microsoft(_dot_)com> wrote:
> On Monday, August 30, 2004 7:07 PM, mazieres(_at_)gmail(_dot_)com
> [mailto:mazieres(_at_)gmail(_dot_)com] wrote:
>> Okay, so basically is it the case that Sender ID (in its
>> present form) isn't designed to help with these kinds of
>> viruses and virus notifiers? At this point, is there any
>> possible action the MARID group could take that would allow
>> more intelligent virus rejection? I care a lot about this
>> problem, and was hoping the outcome of this working group could help.
>
> I think Sender ID will help with viruses, though perhaps not in the way
> you're suggesting. As I understand it, many viruses today are
> transmitted from infected zombie machines, often home computers connected
> via cable modem or DSL lines. The IP addresses of these home computers
> will not likely be listed by their owning ISPs as legitimate sources of
> outbound e-mail. Thus a receiver performing the Sender ID check should
> be able to detect "foul play" and reject the message, presumably with a
> 5xx type return code rather than by sending an actual bounce message.

I'm not sure I see how the owning ISP of the virus-infected machine
comes into play, as the problem is that the machines are forging mail
in my name. (If viruses all claimed to be from the owning ISP, I'd
already be a lot happier.)

It's true that if I publish an SPF2 record, it would probably help
with today's viruses, because the From: address would be the PRA, and
thus would be governed by my SPF2 record. However, if Sender-ID were
adopted, I'm sure the virus writers would just start including a line
like:

    Resent-Sender: virus(_at_)com

in each email. This would guarantee a SenderID result of None (since
com has NS but no TXT/SPF2 records), and thus for sites that don't do
virus checking before responding to the DATA command, would still
result in a flood of bounce messages to me.
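
The PRA behaviour discussed in this message, as an added example that is not part of the original post: a receiver-side check that picks the PRA header and evaluates the connecting IP against that domain's policy. The precedence list is a simplified assumption (Resent-Sender, Resent-From, Sender, From, without the Received/Return-Path ordering rules), and `example.org`, the IP addresses and the `POLICIES` table are constructed stand-ins for DNS lookups.

```python
from email import message_from_string
from email.utils import parseaddr

# Simplified PRA precedence (assumption): the first header present wins.
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")

# Constructed stand-in for DNS: domain -> IPs permitted to send for it.
# A domain absent from the table publishes no record, like "com" above.
POLICIES = {"example.org": {"192.0.2.10"}}


def purported_responsible_address(raw_message):
    """Return (header_name, address) for the first PRA header present."""
    msg = message_from_string(raw_message)
    for name in PRA_HEADERS:
        value = msg.get(name)
        if value and value.strip():
            return name, parseaddr(value)[1]
    return None, ""


def sender_id_result(raw_message, client_ip, policies=POLICIES):
    """Check the connecting IP against the policy of the PRA's domain."""
    header, address = purported_responsible_address(raw_message)
    domain = address.rpartition("@")[2].lower()
    if not domain or domain not in policies:
        return header, "None"  # no record published: nothing to enforce
    verdict = "Pass" if client_ip in policies[domain] else "Fail"
    return header, verdict


# Constructed messages: a forged From: alone, then with the extra header.
FORGED = "From: victim@example.org\nSubject: hi\n\nbody\n"
FORGED_WITH_RESENT = "Resent-Sender: virus@com\n" + FORGED
ZOMBIE_IP = "198.51.100.7"  # constructed; not listed by example.org

if __name__ == "__main__":
    for label, raw in (("From only", FORGED),
                       ("Resent-Sender added", FORGED_WITH_RESENT)):
        print(label, sender_id_result(raw, ZOMBIE_IP))
```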