North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Clueless anti-virus products/vendors (was Re: Sober)

  • From: Rich Kulawiec
  • Date: Sat Dec 10 12:02:21 2005

On Wed, Dec 07, 2005 at 02:15:00PM -0800, Douglas Otis wrote:
> >When auth fails, one knows *right then* c/o an SMTP reject.  No bounce
> >is necessary.
> This assumes all messages are rejected within the SMTP session.

Yes, exactly and the point several of us have been making is that
this is (a) easy (well, provided you're using a quality MTA; if not,
then switch to one) (b) running a sane mail system (c) fast
(d) resource-friendly and (e) most important of all, the _only_ way to
avoid sending UBE in response to forgeries (which are not going away
any time soon or quite possibly ever).

(Please note: there are no exceptions to the UBE specification for DSNs.
If DSNs are:

	- sent to forged senders (thus unsolicited)
	- in bulk (thus bulk)
	- via email (thus email)

then they are UBE, which is THE definition of spam -- and which
deliberately omits any mention of content, purpose or other things
that are irrelevant to the spam/not-spam question.)