ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: blowback, was A new SMTP "3821" [Re: FTC stuff...........]

2005-01-10 14:08:44
from [Dean Anderson] [Permanent Link] 

On Mon, 10 Jan 2005 Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:


And just what sort of validation would that be?


Authentication (SMTP AUTH, POP-before-SMTP, etc.), restriction to
trusted IP addresses, etc.  Basically the sending server is responsible
for authorizing its own use, via whatever method is most appropriate.


And this stops forgery how? 

I think you're forgeting that _every_ user (including every spammer and 
forger, and virus-infected computer) has relay services provided by their 
provider. They have those services right up until they don't.

SPF takes for granted that the ISP's users can forge email to the ISPs 
relay, and doesn't address that problem.  This opens the possibility for 
100% blowback.


Your lack of sympathy for MTA.1 is unfortunate, but unrealistic.  Even
taking steps to prevent viruses does not catch all virues.  Even using
SMTP AUTH on a closed relay does not prevent forgery.


I have the greatest sympathy for MTA.1 and its users.  My sympathy (as
MTA.2's admin) does NOT extend to taking responsibility for delivery of
the viruses MTA.1 is trying to unload on me.  If MTA.2 then turns around
and delivers the virus to someone else, that is not my problem.

With my particular MTA.2, I reject virii even if they are to valid
addresses.  If this causes MTA.1 to deliver a bounce message (possibly
even including the virus) to the forged sender, then MTA.1 just made a
big mistake.  I suppose a case could be made that it's "my fault"
somehow, but I'm not going to lose any sleep over it.


You may reject some virii. But I think you don't reject all virii, either
because your virus definitions aren't uptodate every second of the day, or
because a new virus has emerged which isn't in the detection database.

Supposing you say, "I don't accept any attachments", then I'd point out 
that this is insufficient to prevent infection, since a link to a rogue 
server is enough to infect a computer. 

Supposing you say, "I don't allow html email", then I'd point out that 
abusers can still send a URL in text, an the unsuspecting user might type 
it into their browser and get infected.

Supposing you say, "My users are too smart to fall for that", I'd say: 
congratulations. But it doesn't scale.

                --Dean


Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"




-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: blowback, was A new SMTP "3821" [Re: FTC stuff...........], terry
Next by Date:  RE: blowback, was A new SMTP "3821" [Re: FTC stuff...........], Matthew.van.Eerde
Previous by Thread:  RE: blowback, was A new SMTP "3821" [Re: FTC stuff...........], terry
Next by Thread:  RE: blowback, was A new SMTP "3821" [Re: FTC stuff...........], Dean Anderson
Indexes:  [Date] [Thread] [Top] [All Lists]