North American Network Operators Group


Re: SMTP store and forward requires DSN for integrity (was Re: Clueless anti-virus )

  • From: JP Velders
  • Date: Sat Dec 10 09:42:15 2005

> Date: Fri, 9 Dec 2005 15:08:49 -0800
> From: Douglas Otis <[email protected]>
> Subject: Re: SMTP store and forward requires DSN for integrity

> On Dec 9, 2005, at 1:12 PM, Todd Vierling wrote:
> > [ ... ]
> > I have not requested the virus "warnings" (unsolicited), they are being sent
> > via an automated trigger (bulk, by extension of the viruses also being
> > bulk), and they are e-mail -- UBE by definition.  Whether they are also
> > formatted as DSNs or delivered like DSNs doesn't take away their UBE status.

> This is a third-party acting in good faith,

It's amazing Mike, can you pass me that crack-pipe !

*any* anti-virus vendor has not only signatures of a specific virus 
but also a good understanding of what the virus does and how it 
spreads. If the vendor doesn't, well, they'd better retire from the AV 
business, because as a vendor they should be able to tell me that.
(you know, me customer, you vendor, I give money for features I want)

If you want to send DSNs telling people they send out a virus, do so 
only for viruses which are known *not* to forge or even better, which 
don't have any SMTP engines of their own. Well, how many of those 
still wander round ? And how many of those can be found by *outbound* 
scanning on mailservers at the originating party ?

> [ ... ]
> Where do you draw the line, as AV filtering is not the only source of a
> spoofed DSN problem?

Right now dumb AV filtering is akin to a Smurf amplifier. Essentially 
the AV vendors are DDoS'ing each and every mailserver out there. 
Great, now a little question, why not inform the recipient of the 
mails that the AV solution stopped another virus heading their way ? 
Would be great advertising, see Mr CIO, you have 500 new mails in the 
last hour, 490 are about how our mailserver stopped all them viruses !

Last month alone, my Spam folder (at work) counted over 80% AV mails. 
Guess how large that folder has become because of that ? I've jumped 
from around 1GB normally up to almost 3GB. That jump can be attributed 
to AV filters everywhere. You'd almost think the AV vendors have a 
rather large stock in bandwidth and storage providers.

> [ ... ]
> In this case however, it is in keeping with a general expectation that a DSN
> will be sent when a message can not be delivered.  If this party wanted to
> save costs, they would toss the DSN.

Save costs ?
Sure I wanna save costs.

And mind you the most expense isn't in the storage for e-mail for my 
end users, it's in the cost of me making sure we don't get blacklisted 
by every other self-respecting mailserver in the world. Hence we drop 
virus mails, we log them, and the *recipients* can get a mail telling 
them a virus was stopped. However we put that into a separate IMAP 
folder and not in the INBOX. There's no need to Spam both sender and 
recipient. The recipient on our end can check to see if a message 
towards them was stopped if they were expecting something.

Now viruses aren't the only scourge, I know, but the AV vendors are 
hard underway to destroy e-mail as a communications tool, where 
previously this was the doing of Spammers. I don't think any AV vendor 
would consider themselves more "evil" than Spammers, Phishers or 
scriptkiddies, but they will be if they don't act more responsibly.

JP Velders
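
The handling described in the post above (drop and log the infected message, warn the sender only for malware known not to forge, file the recipient notice outside the INBOX), sketched as an added example that is not part of the original post. The family names, the `X-Target-Folder` header and the addresses are constructed assumptions.

```python
import logging
from dataclasses import dataclass
from email.message import EmailMessage

log = logging.getLogger("av-policy")

# Constructed sample table: malware family -> does it forge the envelope sender?
# In practice this knowledge has to come from the AV vendor's signature metadata.
FORGES_SENDER = {"Example.MassMailer.A": True, "Example.MacroDoc.B": False}


@dataclass
class Disposition:
    deliver: bool                    # infected mail is never delivered
    notify_sender: bool              # warning back to the envelope sender?
    recipient_notice: EmailMessage   # local notice, filed outside the INBOX


def handle_infected(env_from: str, rcpt: str, family: str) -> Disposition:
    # Unknown families are treated as forging: an unverified address gets no mail.
    forges = FORGES_SENDER.get(family, True)
    # An empty envelope sender (<>) marks a bounce; never answer a bounce.
    notify_sender = bool(env_from) and not forges

    notice = EmailMessage()
    notice["From"] = "postmaster@mail.example"
    notice["To"] = rcpt
    notice["Subject"] = f"Stopped infected message ({family})"
    notice["Auto-Submitted"] = "auto-generated"  # RFC 3834: automatic mail marker
    # Hypothetical hint for the local delivery agent to file into a side folder.
    notice["X-Target-Folder"] = "Virus-Notices"
    notice.set_content(
        f"A message claiming to be from {env_from or '<>'} was dropped.\n"
        "The claimed sender address may be forged.\n"
    )

    log.info("dropped infected mail family=%s from=%s rcpt=%s notify_sender=%s",
             family, env_from or "<>", rcpt, notify_sender)
    return Disposition(False, notify_sender, notice)
```
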