ietf-mxcomp
[Top] [All Lists]

RE: blowback, was A new SMTP "3821" [Re: FTC stuff...........]

2005-01-09 17:38:52

On Mon, 3 Jan 2005 Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:


Dean Anderson wrote:
The blowback issue is different from this.  Blowback happens whenever
anyone _rejects_ emails based on SPF.

Fair enough

A bounce is generated from the relay to the forged sender.

Is it?  If the receiving MTA issues an SMTP reject command, it does not
assume any responsibility for the delivery of the mail.  It will
therefore not generate a spurious bounce message.

This isn't how most current SMTP servers behave.  
(Sendmail/Qmail/Postfix/Exchange, anyway)  If the receiving MTA rejects 
mail, the sending MTA generates a bounce to the sender.  The sender of 
course, can be forged.

If the sending MTA generates a bounce message, then it's likely not a
virus or other malware likely to forge a sender address.

???

This too is wrong. Many viruses send "forged" bounces containing a virus. 
One cannot assume that because you opened a bounce, the message will not 
contain a virus.  Further, a genuine bounce with an undelivered message 
may contain a virus in the undelivered message.


Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"




-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000