[Top] [All Lists]

Re: Do the must 'bounce' rules need to be relaxed for virus infected messages?

2004-03-23 16:38:37

--On Tuesday, 23 March, 2004 17:54 -0500 Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> wrote:

False positives are the difficulty.


The essense of the original proposal would be this wording:

  If a MAIL FROM address is known to be forged, a bounce MUST
  NOT be sent to that forged address.

well, I'd probably say SHOULD NOT, but I think that's the
basic idea.

I suppose we could leave "is known to be forged" as an
exercise for the reader.

I have doubts about that.  I've seen too many bogus spam
detection algorithms.  I don't want to encourage silent
discarding of mail based on bogus criteria.  and it's very
difficult to define what reasonable criteria would be.

This is where I start wondering about modifying standards. If we are in a state in which we want to say (I know I'm changing this a bit, but maybe this form will reinforce the point)...

        * You SHOULD (or MUST) not try to send a bounce message
        if the Return-path is can be positively identified as
        * We don't know of, and certainly aren't ready to
        standardize, any way to tell how to make that

The combination of the two makes the first nearly a no-op.


--On Tuesday, 23 March, 2004 15:09 -0800 Daryl Odnert <daryl(_dot_)odnert(_at_)tumbleweed(_dot_)com> wrote:

Perhaps it would be appropriate to add some language to
section 3.7, where the requirement to send an "undeliverable
mail" notification message is described.  I'm thinking about
something like this:

   An SMTP server MAY decide not to send the "undeliverable
mail"    notification message when it can determined that the
original    message had malicious or deceitful intent.
Determination of    such intent is beyond the scope of this

This would be an accurate reflection of what many servers are
doing today.

This seems much closer to what I think would be appropriate, although I'd prefer, e.g., to see "be accurately" or "be positively" in front of "determined".

How do others feel about that change?


<Prev in Thread] Current Thread [Next in Thread>