Re: MyDoom, Sorbig - Actions taken?

2004-02-05 11:11:05

----- Original Message ----- 
From: "Brad Clements" <bkc(_at_)murkworks(_dot_)com>
To: <ietf-smtp(_at_)imc(_dot_)org>
Sent: Thursday, February 05, 2004 10:57 AM
Subject: Re: MyDoom, Sorbig - Actions taken?

Wouldn't it be nice if the same sort of thing could be done with email?
Imagine all the viruses that would be blocked because they could only send
mail on behalf of the "originating location's mail domain".

IP Analytics might become a plan.  That might be more true than we care to

Of course, it can't really be done due to the current design of SMTP. Yes,
there are some proposals that allow recipients to try to verify the
allowability of an IP address to send mail on behalf of "claimed sender
addresses", but I consider these to be band-aid solutions.

These SORBIG generation viruses are nasty in that they enhanced their
distribution process by using stolen valid return paths and return on a
secondary wave of distribution based on bounces.   Some of the proposals
will address some of the distribution but not all.

Brad,  you know the products we have - so you know we have the experience.

The issue and why I ask the question.

YES, traditionally SMTP is a transparent process but the market pressures are
changing this.  I wanted to know what some are doing.   We have many
customers HURTING and they are BLAMING the SMTP software for creating the
bounces!   Yes,  you and I know what's going on.  But they don't.  We are in no
position, Keith might, to argue with them :-)  So as I always DO by nature
is LOOK for solutions - what can be done?  The status quo is not acceptable
any more.

I think this is a good discussion to have. That is, can the email system
be changed to reduce propagation of these types of viruses? I didn't see the
initial posting in this thread, so I cannot comment on any early proposals
that may have been made.


So, perhaps mail-ng is the place to discuss sweeping reforms to messaging
as we know it, and this forum is a place to discuss shorter term solutions
that are reliable, effective and possible.

Nah,  Keith already decided what that's going to be.  It's another BBS!   :-)

Let's keep it here - SMTP, that's the reality.  That's where the real change
will occur with extensions I hope and solid working proposals.

The question I ask here is to see how other vendors are addressing the
problem.  Are they using AVS api?  What experiences do they have with any
ASRG proposals?   DMP has helped tremendously to protect your sender machine
from the group of spoofed return paths using your address.

Check out our SMTP statistics filtering breakdown at

I must say I'm rather disappointed with the tone of this thread, the
innuendo and chest thumping on all sides.  I think list subscribers are here
because they have made contributions to "the technology of messaging" in the
past, currently are doing so, or will do so in the future.

So comments like "you're clueless go away" and "I'm great look at all the
stuff I wrote" seem out of character.

I agree.  Unfortunately,  it is not hard for a new IETF list comer to see
what's going on here. It is "in character" as a norm with a few here and
unfortunately,  the "good old gang" mentality is prevailing.    For them, a
newcomer means no experience and this unfortunate mentality has stalled
real progress.

Hector Santos, Santronics Software, Inc.