Comments on: Internet Pestilence http://adam.rosi-kessel.org/weblog/2004/02/06/internet_pestilence Technology, law, and personal stories Mon, 15 Mar 2010 20:13:06 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Scott James Remnant http://adam.rosi-kessel.org/weblog/2004/02/06/internet_pestilence/comment-page-1#comment-2646 Scott James Remnant Thu, 01 Jan 1970 00:00:00 +0000 http://adam.rosi-kessel.org/weblog/this_weblog/internet_pestilence.html#comment-2646 <p>What about mail servers that simply reject mails containing viruses or those that are identified as SPAM with a standard bounce message? Should those simply bit-bucket the incoming mail, or should they at least make a valiant attempt to notify the (apparent) sender that their mail couldn't be deliverered.</p> <p>What about those mail servers that reject such mails at SMTP-time, should the communicating mail server generate the appropriate bounce message to let the (apparent) sender know their message couldn't be delivered.</p> <p>What about for those spam/virus runs that invent an e-mail address of the form $common<em>name@$random</em>domain and attempt to send to that, should a mail server on receiving this and discovering that they have no $common_name mailbox generate a bounce message to notify the (apparent) sender that their mail could not be delivered.</p> <p>What you are advocating is a change to the "correct operation" of mail servers so that any failure to deliver an e-mail simply results in the e-mail being thrown away. All forms of failure notice would have to be eradicated to ensure these poor unwitting non-senders don't get mails in reply to ones they never sent.</p> <p>Systems like SPF try to solve this by being able to answer the question "can this host really speak for this address?" But this has several major flaws as well.</p> <p>These are all trying to fix the symptoms of the problem. I would much rather people advocated fixing the cause of the problem, and making it legal to blow spammers' balls off with a 12-bore shotgun. That would solve the problem nicely without breaking the Internet.</p> What about mail servers that simply reject mails containing viruses or those that are identified as SPAM with a standard bounce message? Should those simply bit-bucket the incoming mail, or should they at least make a valiant attempt to notify the (apparent) sender that their mail couldn’t be deliverered.

What about those mail servers that reject such mails at SMTP-time, should the communicating mail server generate the appropriate bounce message to let the (apparent) sender know their message couldn’t be delivered.

What about for those spam/virus runs that invent an e-mail address of the form $commonname@$randomdomain and attempt to send to that, should a mail server on receiving this and discovering that they have no $common_name mailbox generate a bounce message to notify the (apparent) sender that their mail could not be delivered.

What you are advocating is a change to the “correct operation” of mail servers so that any failure to deliver an e-mail simply results in the e-mail being thrown away. All forms of failure notice would have to be eradicated to ensure these poor unwitting non-senders don’t get mails in reply to ones they never sent.

Systems like SPF try to solve this by being able to answer the question “can this host really speak for this address?” But this has several major flaws as well.

These are all trying to fix the symptoms of the problem. I would much rather people advocated fixing the cause of the problem, and making it legal to blow spammers’ balls off with a 12-bore shotgun. That would solve the problem nicely without breaking the Internet.

]]> By: Scott James Remnant http://adam.rosi-kessel.org/weblog/2004/02/06/internet_pestilence/comment-page-1#comment-2647 Scott James Remnant Thu, 01 Jan 1970 00:00:00 +0000 http://adam.rosi-kessel.org/weblog/this_weblog/internet_pestilence.html#comment-2647 <p>What about mail servers that simply reject mails containing viruses or those that are identified as SPAM with a standard bounce message? Should those simply bit-bucket the incoming mail, or should they at least make a valiant attempt to notify the (apparent) sender that their mail couldn't be deliverered. <p> What about those mail servers that reject such mails at SMTP-time, should the communicating mail server generate the appropriate bounce message to let the (apparent) sender know their message couldn't be delivered. <p> What about for those spam/virus runs that invent an e-mail address of the form $common<em>name@$random</em>domain and attempt to send to that, should a mail server on receiving this and discovering that they have no $common_name mailbox generate a bounce message to notify the (apparent) sender that their mail could not be delivered. <p> What you are advocating is a change to the "correct operation" of mail servers so that any failure to deliver an e-mail simply results in the e-mail being thrown away. All forms of failure notice would have to be eradicated to ensure these poor unwitting non-senders don't get mails in reply to ones they never sent. <p> Systems like SPF try to solve this by being able to answer the question "can this host really speak for this address?" But this has several major flaws as well. <p> These are all trying to fix the symptoms of the problem. I would much rather people advocated fixing the cause of the problem, and making it legal to blow spammers' balls off with a 12-bore shotgun. That would solve the problem nicely without breaking the Internet.</p> What about mail servers that simply reject mails containing viruses or those that are identified as SPAM with a standard bounce message? Should those simply bit-bucket the incoming mail, or should they at least make a valiant attempt to notify the (apparent) sender that their mail couldn’t be deliverered.

What about those mail servers that reject such mails at SMTP-time, should the communicating mail server generate the appropriate bounce message to let the (apparent) sender know their message couldn’t be delivered.

What about for those spam/virus runs that invent an e-mail address of the form $commonname@$randomdomain and attempt to send to that, should a mail server on receiving this and discovering that they have no $common_name mailbox generate a bounce message to notify the (apparent) sender that their mail could not be delivered.

What you are advocating is a change to the “correct operation” of mail servers so that any failure to deliver an e-mail simply results in the e-mail being thrown away. All forms of failure notice would have to be eradicated to ensure these poor unwitting non-senders don’t get mails in reply to ones they never sent.

Systems like SPF try to solve this by being able to answer the question “can this host really speak for this address?” But this has several major flaws as well.

These are all trying to fix the symptoms of the problem. I would much rather people advocated fixing the cause of the problem, and making it legal to blow spammers’ balls off with a 12-bore shotgun. That would solve the problem nicely without breaking the Internet.

]]> By: Adam Kessel http://adam.rosi-kessel.org/weblog/2004/02/06/internet_pestilence/comment-page-1#comment-2648 Adam Kessel Thu, 01 Jan 1970 00:00:00 +0000 http://adam.rosi-kessel.org/weblog/this_weblog/internet_pestilence.html#comment-2648 <p> Thanks for the comment; however, my complaint was really focused on the issue of virus scanners and their "counterspam" virus detection systems. I do understand that there would be serious consequences to dropping emails silently (which hotmail apparently does now); what I'm advocating is that if the virus scanner detects a virus that it <b>knows</b> uses forged headers, it doesn't do any good to reply to the alleged sender saying "you have a virus." </p> <p><p> Certainly spammers forge headers as well, but I think that's a totally different issue. Here we're dealing with a system that detects a unique virus signature, and it should know enough to realize that bouncing back an error (basically advertising its own service) is useless. </p></p> Thanks for the comment; however, my complaint was really focused on the issue of virus scanners and their “counterspam” virus detection systems. I do understand that there would be serious consequences to dropping emails silently (which hotmail apparently does now); what I’m advocating is that if the virus scanner detects a virus that it knows uses forged headers, it doesn’t do any good to reply to the alleged sender saying “you have a virus.”

Certainly spammers forge headers as well, but I think that’s a totally different issue. Here we’re dealing with a system that detects a unique virus signature, and it should know enough to realize that bouncing back an error (basically advertising its own service) is useless.

]]> By: Jamie Forrest http://adam.rosi-kessel.org/weblog/2004/02/06/internet_pestilence/comment-page-1#comment-2649 Jamie Forrest Thu, 01 Jan 1970 00:00:00 +0000 http://adam.rosi-kessel.org/weblog/this_weblog/internet_pestilence.html#comment-2649 <p>Yeah, that pisses me off. My wife Rachel is always asking me whether we have a virus on our computer because she gets messages that say that our computer is infected (due to forged headers causing viruses to appear to come from our address). I know how these things work so I assure her that we do not have a virus; why can't these big systems be just as smart?</p> <p>In any case, I use Macs, and since they don't have the PC marketshare, viruses just don't get written for them. :)</p> Yeah, that pisses me off. My wife Rachel is always asking me whether we have a virus on our computer because she gets messages that say that our computer is infected (due to forged headers causing viruses to appear to come from our address). I know how these things work so I assure her that we do not have a virus; why can’t these big systems be just as smart?

In any case, I use Macs, and since they don’t have the PC marketshare, viruses just don’t get written for them. :)

]]>