[Top] [All Lists]

Re: Anything else on the content?

2006-10-30 11:52:26

John C Klensin <john+smtp(_at_)jck(_dot_)com> wrote:
--On Monday, 30 October, 2006 00:36 -0500 John Leslie
<john(_at_)jlc(_dot_)net> wrote:

The issue lies exactly where Frank says: any MX server that
accepts email which it _may_ not be able to deliver has a
responsibility to evaluate the likelihood that the
2821.MailFrom is useful: no later MTA will be in any better
position to do so.

For whatever it is worth, there is one important distinction
between the "DoS" theory and the "get spam through" theory
described above.  If the problem is the latter, then there is a
remedy that fits the existing model much better than either
Frank's approach or discarding mail.  That is to _not_ return
full content but, instead, to return headers only or, perhaps,
headers plus the first few lines of text if the first body part
is text.

   From experience, I can be sure that folks will be confused
no matter how much or how little is returned.

   And the spammer may not _intend_ it as a DoS when he includes
the same false 2821.MailFrom on a few thousand emails, but it
will surely _look_like_ a DoS to the user who receives them all.

   Besides, I don't expect the folks who would blacklist us for
sending too many NDNs to these false 2821.MailFroms to care to
count how many lines we return.

Done properly and with some obvious restrictions (e.g., truncation
of long subject lines and discarding unknown headers that seem
long enough to be an annoyance), that approach would make
backscatter essentially useless as a means of spam delivery.

   I really don't have any evidence backscatter is being used for
_delivery_ of spam, as opposed to merely _annoying_ the taraget.

It does mean that we need to be clear about the problem we are

   I quite agree!

But it is a lot less drastic than effectively prohibiting NDNs.

   I don't mean to support Frank's proposal to eliminate NDNs. I
merely think there are better alternatives than blindly trusting

John Leslie <john(_at_)jlc(_dot_)net>