spf-discuss

Re: forged email DSN

2005-02-26 15:09:16
At 01:03 PM 2/26/05, you wrote:
On Sat, 26 Feb 2005, Brian W. Antoine wrote:

  I'm aware of what DSNs are for, stop trying to be condescending.

Sorry, you seemed to be disagreeing with my statement that DSN != reply.

  I used reply in the sense that your system is sending a message as a
response to an incoming one.

  Are you ever going to send more than one warning to any given domain?

It keeps an in-memory cache of senders.  When I'm not working on it,
the milter typically runs for months at a time.  I thought about 
tracking the domain also (need to cache the specific sender anyway to avoid
redoing CBV), but so far there is no need.  Since updating the 
template at 1:45pm (2 hours ago), 1000 messages have come in (mostly rejected
as forgeries and spam), and DSNs were actually delivered to the following
senders:

So I am not flooding anyone's mailbox.  The DSNs do not go directly
to the postmaster, but to the purported sender.  The peak
rate for our MTA is about 40000 messages/day (typically reached
during virus outbreaks).

  So you're going to be sending that template full of technical information
about how to avoid getting your warnings to end users who've had their addr
forged?  That's actually worse than just warning the postmaster at the domain
because now he's got to take calls from people who we can reasonably expect
to be clueless.

If there is a virus that forges %randomname(_at_)joejobbed(_dot_)com, then 
limiting the DSNs per domain could be useful, but in that case
the backscatter from my program will still be a drop in the bucket.
With a random name, most attempts will fail the CBV and get rejected.

  I believe you're underestimating what the response to getting a flood
of DSNs from your server will be, even if most of them get rejected, but
that's your call to make.
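
The sender cache and the per-domain limit discussed in this thread, sketched in Python as an added example; it is not code from the milter under discussion. The class name, the cap of 3 DSNs per domain per day, and the `cbv_check` callback are assumptions, and the addresses are constructed.

```python
import time
from collections import defaultdict

class DsnThrottle:
    """Decide whether a warning DSN may go to a purported sender."""
    def __init__(self, per_domain_limit=3, window=86400, clock=time.time):
        self.per_domain_limit = per_domain_limit  # assumed cap, not from the thread
        self.window = window                      # seconds
        self.clock = clock
        self.cbv = {}                         # sender -> (exists?, checked_at)
        self.notified = set()                 # senders already warned once
        self.domain_hits = defaultdict(list)  # domain -> times DSNs were sent

    def should_send(self, sender, cbv_check):
        sender = sender.strip().lower()
        local, sep, domain = sender.rpartition("@")
        if not (sep and local and domain):
            return False              # null or malformed return path
        if sender in self.notified:
            return False              # one warning per sender
        now = self.clock()
        cached = self.cbv.get(sender)
        if cached is None or now - cached[1] > self.window:
            cached = (bool(cbv_check(sender)), now)  # avoid redoing CBV
            self.cbv[sender] = cached
        if not cached[0]:
            return False              # CBV failed: reject, send nothing
        recent = [t for t in self.domain_hits[domain] if now - t < self.window]
        self.domain_hits[domain] = recent
        if len(recent) >= self.per_domain_limit:
            return False              # domain already got its share
        recent.append(now)
        self.notified.add(sender)
        return True

def demo():
    # Constructed addresses; fake_cbv stands in for a real call-back verification.
    existing = {f"{n}@example.com" for n in ("alice", "bob", "carol", "dave")}
    calls = []
    def fake_cbv(addr):
        calls.append(addr)
        return addr in existing
    throttle = DsnThrottle(clock=lambda: 1000.0)
    stream = ["alice@example.com", "alice@example.com", "x91kq@example.com",
              "x91kq@example.com", "bob@example.com", "carol@example.com",
              "dave@example.com", "<>"]
    return [throttle.should_send(s, fake_cbv) for s in stream], calls
if __name__ == "__main__":
    print(demo())
```

In the constructed stream, the random local part fails CBV once and is never rechecked, and the fourth real address at the same domain is suppressed by the domain cap.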

