[Asrg] where the message originated

der Mouse mouse at Rodents-Montreal.ORG
Tue Jan 13 17:34:15 PST 2009 

> Well, regardless of who is pointing the finger at who, the fact
> remains that:

> 1) an infected E-mail is being passed on to someone who quite likely
> had NOTHING to do with sending it, nor did they probably have any
> control over the system(s) that did;

True in the scenario outlined.  But there is no way for the host
issuing the SMTP-level reject to know, in general, that that is the
case; whether a bounce to anyone is generated is up to the SMTP
client's software.  (Direct-to-MX spamware, for example, generally does
not generate bounces in reaction to rejections.)

Furthermore, even the best malware detection FPs at least occasionally.
If my mail to my friend produces a FP, the _last_ thing I want is for
it to silently vanish.  (Furthermore, the presence of malware does not
necessarily mean the mail is unwanted or shouldn't be delivered; I have
no trouble imagining researchers mailing samples to one another.  Yes,
they _can_ encrypt them or some such, but I see no a priori reason they
should have to.)

> 2) [...]

> 3) [...]

> First of all, ultimately the ONLY authority which TRULY determines
> FOR A FACT whether a given piece of e-mail is unwanted or not is the
> final recipient.

If there is one.  A lot of spam, and probably a nontrivial amount of
malware-bearing email, has no existent addresses anywhere in the
envelope (often, not in the headers either).  Who is the "final
recipient" of such a message?

> Note that this is not unlike the way most of us actually handle "spam
> triage" in our inboxes now:  we look to see mail coming from
> unfamiliar senders, or unfamiliar subjects, or for that matter common
> spam-type subject lines.

Who's this "we"?  That's certainly not how I triage my email; the first
thing I look at for most of the mail that reaches my mailbox is the
beginning of the body.  At least a moderate fraction of my mail I never
read the Subject: or From: of at all.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse at rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

More information about the Asrg mailing list