ietf-smtp
[Top] [All Lists]

Re: MyDoom, Sorbig - Actions taken?

2004-02-05 10:25:35

----- Original Message ----- 
From: "Abhijit Menon-Sen" <ams(_at_)wiw(_dot_)org>
To: "Hector Santos" <winserver(_dot_)support(_at_)winserver(_dot_)com>
Cc: <ietf-smtp(_at_)imc(_dot_)org>
Sent: Thursday, February 05, 2004 10:14 AM
Subject: Re: MyDoom, Sorbig - Actions taken?


At 2004-02-05 09:19:05 -0500, 
winserver(_dot_)support(_at_)winserver(_dot_)com wrote:

Now, if you are are suggesting that maybe SMTP "should" perform MIME
processing to maybe WARN/HELP the user, then we are in tune with what
I hoping to get going here.

Dear Mr. Santos,

Just for clarification -- are you suggesting that SMTP servers perform
MIME processing to identify potentially evil content, so that users do
not have to deal with it?

I am not advocating it should be part of the process. It is implementation
issue.

The original question was WHAT others are doing at SMTP? if at all.

Furthermore, are you suggesting that this is necessary because the MUA
cannot be relied upon to protect the user adequately, once the message
has been received?


Would you allow a virus to enter the system (user desktop) if you had to
potential to stop it?

I would appreciate the opportunity to clarify this.  After all,  Keith (boy,
what a character) seems to feel I don't know what I am talking about nor
experience in mail system design when in fact, I have more than him.
Obviously, he has a philosophy based on not having a product in the market
place. On the other hand, I have products and market pressures I have to
deal with.  But that's neither here or there and it is sad that he had to
stoop to that level when all wanted to know is what others are doing in this
area.

Of course, we know SMTP is  transparent process.   But is it really?

I expected 3 type of answers:

1) In regards to return paths/sender machines, they are doing XYZ and/or ABC
or nothing. I didn't expect much in this area.

2) SMTP is inherently a transparent process.  Mail Filter done by 3rd party
Integration.

3) SMTP is being redesigned to build-in the mail filter using new growing
AVS API  systems.

I clearly didn't expect the obvious - the MUA/USER!

The latter is occurring more and more due to market pressures.  Now we could
no longer rely on 3rd party solutions, but also vendor partnerships or
building it in.   Microsoft will be releasing soon an AVS API built-in to
the OS.  You can also buy them today.  Those customers with system wide AVS
software who use delay processing with our server are better off.   We don't
have to worry about them.  But that is not the norm. The pressure is to do
more with SMTP.  I know that is an implementation issue.

My original question was how other people dealing with this problem.

Passing it on to users is not acceptable solution.  Not by me. By customer
demands.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com