RE: MyDoom, Sobig - Actions taken?

2004-02-05 09:32:50

Wouldn't it be nice if the same sort of thing could be done with 
email messages?  Imagine all the viruses that would be blocked 
because they could only send mail on behalf of the "originating 
location's mail domain".

I'm trying to imagine, really hard.  With such protections in
place, the viruses would have to use the sender's From: domain
to spread.  That isn't too onerous for the virus, and with a 
large enough domain (enough unique localparts) it provides too
little information to identify the infected user's PC.

Of course, it can't really be done due to the current design of 

Some ISPs, notably Earthlink, block outgoing traffic on port
25 for exactly this reason -- to apply policy on the outgoing 
mail.  They could apply any policy they want.  I have no idea
what sort of policy/policies are currently applied to the
mail routed through their mailers, but I do know that a few years
ago they wouldn't permit using a MAIL FROM that wasn't


Yes, there are some proposals that allow recipients to try to 
verify the allowability of an IP address to send mail on 
behalf of "claimed sender addresses", but I consider these to be 
band-aid solutions.

And most importantly, controlling "outgoing" messages has nothing 
to do with the payload of those messages. So, MIME issues, for 
example, aren't in the picture  because the transport mechanism 
is transparent.

I think this is a good discussion to have. That is, can the email 
system be changed to reduce propagation of these types of viruses? 
I didn't see the initial posting in this thread, so I cannot comment 
on any early proposals that may have been made.

I do think that "propagation control" is more likely to be 
successful if it's payload transparent.  I also think that given 
the current design of SMTP, no easy, complete and reliable solution 
for SMTP will be forthcoming.  

So, perhaps mail-ng is the place to discuss sweeping reforms to 
messaging as we know it, and this forum is a place to discuss 
shorter term solutions that are reliable, effective and possible.

I must say I'm rather disappointed with the tone of this thread, 
the innuendo and chest thumping on all sides.  I think list 
subscribers are here because they have made contributions to 
"the technology of messaging" in the past, currently are doing so, 
or will do so in the future.

So comments like "you're clueless go away" and "I'm great look at 
all the stuff I wrote" seem out of character.

Thanks for reading this far.

Brad Clements

