ietf-mxcomp

RE: DOC-BUG: permitted use of PRA/submitter address

2004-08-31 10:55:38

On Mon, 2004-08-30 at 22:12, Harry Katz wrote:
On Monday, August 30, 2004 7:07 PM, mazieres(_at_)gmail(_dot_)com
[mailto:mazieres(_at_)gmail(_dot_)com] wrote: 

Okay, so basically is it the case that Sender ID (in its 
present form) isn't designed to help with these kinds of 
viruses and virus notifiers?  At this point, is there any 
possible action the MARID group could take that would allow 
more intelligent virus rejection?  I care a lot about this 
problem, and was hoping the outcome of this working group could help.

I think Sender ID will help with viruses, though perhaps not in the way
you're suggesting.  As I understand it, many viruses today are
transmitted from infected zombie machines, often home computers connected
via cable modem or DSL lines.  The IP addresses of these home computers
will not likely be listed by their owning ISPs as legitimate sources of
outbound e-mail.  Thus a receiver performing the Sender ID check should
be able to detect "foul play" and reject the message, presumably with a
5xx type return code rather than by sending an actual bounce message.

There are several problems with what appears to be misleading
information.  If Harry was suggesting the use of a DUL list, then this
could indicate whether the ISP has listed these addresses, but then he
says it is Sender-ID doing this?  Sender-ID does not restrict the IP
address placed within an SPF2 record.  In fact, the SPF2 record could
include the entire Internet.  Nor does Sender-ID bother to identify the
host sending the mail.  This misleading information also seems to imply
"?all" records will be refused.  If so, the "all" construct should be
removed from the draft.  To give the virus writer some credit, the virus
may use Sender-ID macro syntax to create labels that ensure receiving a
"pass" where the scope of the address does not appear out of the norm. 
In short, Sender-ID does not offer protection from viruses or zombie
machines attached to DSL lines.  Keep your virus filter running. 

Not sure I understand this question.  However, when an MTA 
sends a DSN with MAIL FROM <>, the PRA would typically be
something like postmaster(_at_)example(_dot_)com or
mailer-daemon(_at_)example(_dot_)com(_dot_)  See example 5.5 of the 
SUBMITTER spec.

Sorry, my question was about receiving, not sending bounces.  
Let me elaborate.  Suppose I have two email addresses:

me(_at_)myschool(_dot_)edu
me-bounces-2004(_at_)myschool(_dot_)edu

Because of the number of bounces I get from viruses, the 
address me(_at_)myschool(_dot_)edu does not accept DSNs.  Therefore, I 
always use me-bounces-2004(_at_)myschool(_dot_)edu as the envelope sender.

So far so good.  The next question is which address I should 
use as the PRA.  If I don't do anything, the PRA will be 
me(_at_)myschool(_dot_)edu, which I would probably prefer.  However, 
given that that address refuses DSNs, the question is whether 
there would be grounds for listing me in the rfc-ignorant RBL:

http://www.rfc-ignorant.org/policy-dsn.php

Thanks for clarifying.  Bounces go to the return-path address, not to
the PRA.  If you want bounces to go to a specific address you need to
set the MAIL FROM address to the desired address when you send mail.

This does not seem to answer the question.  If the PRA is compared
against the list, then your RFC2822 From will need to be changed, or you
will need to include a Resent-From header in your message to preserve
the RFC2822 From.  You may need to get the Resent-From plug-in. : )

-Doug
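
The reply above notes that a record may list any address range, up to the entire Internet, and that "?all" leaves unlisted senders unrefused. As an added example (not part of the original message or of any draft), here is a receiver-side audit of how much IPv4 space a record lets pass. The sample records, the /16 threshold and the function name are assumptions; `spf2.0/pra` is the Sender ID version tag.

```python
import ipaddress

# Constructed sample records (not from the thread or from any real domain).
SAMPLES = {
    "tight": "spf2.0/pra ip4:192.0.2.0/28 -all",
    "neutral": "spf2.0/pra ip4:192.0.2.0/28 ?all",
    "internet": "spf2.0/pra ip4:0.0.0.0/1 ip4:128.0.0.0/1 -all",
    "plus_all": "v=spf1 +all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_PASS_ADDRS = 2 ** 16  # assumed local policy: wider than a /16 is worth a look


def audit(record):
    """Return (upper bound on IPv4 addresses that pass, result of 'all', findings)."""
    terms = record.split()
    if not terms or not (terms[0] == "v=spf1" or terms[0].startswith("spf2.0/")):
        raise ValueError("not an SPF / Sender ID record")
    nets, all_result, findings = [], "neutral", []  # no match at all means neutral
    for term in terms[1:]:
        qual = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.split("/")[0].lower()
        if name == "all":
            all_result = QUALIFIERS[qual]
            break  # nothing after "all" is evaluated
        if name == "ip4" and qual == "+":
            nets.append(ipaddress.ip_network(arg, strict=False))
        elif name in ("include", "a", "mx", "ptr", "exists"):
            findings.append(f"{name}: resolved through DNS, not counted here")
    passing = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    if all_result == "pass":
        passing = 2 ** 32
        findings.append("all: every sending address gets a pass")
    elif all_result == "neutral":
        findings.append("all: unlisted senders get neutral, not fail")
    if passing > MAX_PASS_ADDRS:
        findings.append(f"pass covers {passing} IPv4 addresses")
    return passing, all_result, findings


if __name__ == "__main__":
    for label, rec in SAMPLES.items():
        print(label, audit(rec))
```

The count is an upper bound: it ignores term order and anything that needs a DNS lookup, so a record that relies on include, a or mx can authorize more than the figure shown.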