
Re: Do the must 'bounce' rules need to be relaxed for virus infected messages?

2004-03-25 10:50:22

On Tue, Mar 23, 2004 at 05:54:21PM -0500, Keith Moore wrote:

False positives are the difficulty.


The essence of the original proposal would be this wording:

 If a MAIL FROM address is known to be forged, a bounce MUST
 NOT be sent to that forged address.

well, I'd probably say SHOULD NOT, but I think that's the basic idea.

I suppose we could leave "is known to be forged" as an exercise
for the reader.

I have doubts about that.  I've seen too many bogus spam detection 
algorithms.  I don't want to encourage silent discarding of mail based 
on bogus criteria.  and it's very difficult to define what reasonable 
criteria would be.

If we are into recommendations, I would like that we add advice on the
bouncing errors, if the MTA chooses to send one. In that way the receiver
of the potential bogus mail can filter out these messages.

This applies both to the bouncing of the bogus mail, and also on reports
on virus found, which may be the same issue. I have tried to track the
messages reporting that they found a virus and have till now identified
more than 300 different headers and more than 300 different strings in
bodies that identify such messages (and I am still counting).

Recommendations in this area would greatly simplify this.

best regards
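
The filtering problem raised in the message above, as an added example that is not part of the original thread: a notification in the RFC 3464 delivery-status format can be recognised from its structure, while a free-form virus report can only be caught by string matching. The function name and both sample messages are constructed for illustration, and the check assumes the receiving MTA recorded the envelope sender in Return-Path.

```python
from email import message_from_string

def classify_notification(raw):
    """Return (kind, status): kind is 'dsn', 'null-sender' or 'unstructured'."""
    msg = message_from_string(raw)
    # Bounces carry the null reverse-path; the final MTA records it here (assumed).
    null_sender = (msg.get("Return-Path") or "").strip() == "<>"
    is_report = (msg.get_content_type() == "multipart/report"
                 and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    status = None
    for part in msg.walk():
        if is_report and part.get_content_type() == "message/delivery-status":
            blocks = part.get_payload()  # one sub-message per header block
            for block in blocks if isinstance(blocks, list) else []:
                status = block.get("Status") or status
    if is_report and status:
        return ("dsn", status)
    return ("null-sender" if null_sender else "unstructured", None)

# Constructed sample: a structured delivery-status notification.
DSN_SAMPLE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to bob@example.com failed.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; bob@example.com
Action: failed
Status: 5.1.1

--b1--
"""
# Constructed sample: a free-form virus report with no machine-readable marker.
ADHOC_SAMPLE = """\
Return-Path: <scanner@gw.example.net>
Subject: A virus was found in a message you sent

The message you sent contained a virus and was not delivered.
"""
```

A message classified as `unstructured` is the case that needs the per-product header and body strings described above; the other two can be filtered without them.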
