North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SMTP store and forward requires DSN for integrity

  • From: Suresh Ramasubramanian
  • Date: Sun Dec 11 06:29:28 2005
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=s+BtnidNP6v9d5nGGEhGDwFgIDNUGjaTtzpGhmcn+XlCSPGgTUzr5KVQIvkJXMla9VA0MJHEZvdspqC5fiXIt8zge0xqVAkhIWRkiQ4ZTL1AVyHpyVAN78L+f/8+GWlx66sqyUANY0u6F5SqkOOaFWis8wh+VtVOf/br7GVrF6w=

On 12/11/05, Micheal Patterson <[email protected]> wrote:
> If malware detection systems would not generate a DSN to the originator
> upon detection in the first place, there would be no need to reduce
> those transactions as there would be no transactions to reduce. The

That is a big if.

No shortage of broken software / appliance etc products put out by
different vendors

Even if they do introduce patches for current versions or release new
versions that dont backscatter to spoofing viruses, there's a huge
installed base of crap old versions of this stuff.

So, fixing that lot is not going to be easy.

Sending BATV signed email out and accepting bounces to BATV'd
addresses does tend to make sense in a limited set of use cases (IF
you send email only from a single server / set of servers, and control
the sending client . geeks with pine on *bsd or webmail service
providers, or mailing list services that anyway do VERP)

Upgrade MTAs around the world?  Which MTAs around the world receive
bounces bound for your domain, and to your servers?  And which MTAs
send legitimately send out email with your domain?  If you are SURE
that all that is covered, try BATV and it will work rather well for
you.  If you aren't - dont bother about it.

--
Suresh Ramasubramanian ([email protected])