[Asrg] Meta channel, not bounces

Alessandro Vesely vesely at tana.it
Thu Jan 15 10:38:17 PST 2009


Rich Kulawiec wrote:
> On Wed, Jan 14, 2009 at 06:12:23PM +0100, Alessandro Vesely wrote:
>> 599 Bounce to postmaster. What would be wrong if it existed? (I mean,  
>> besides how hard it would be to reliably introduce it now.)
> 
> I think -- even if there was widespread concurrence that it's a great
> idea -- "years" would be the timeline.

Yup, that's why I said "if it already existed".

> And I'm not sure it's advisable or even worth it.  Let me explain:
> 
> I tend to loosely group mail system operators into two ad hoc categories:
> [attentive vs. lame postmasters dissection dissertation]
> So there's little need to tell the first and little point in telling
> the second.

Yet, attentive postmasters are not omniscient. They need a data feed.

>> I agree it cannot be 0%, but better than 0.000001% is expected.
> 
> I think that's hopelessly optimistic in real-world settings.

Not for an AV filter. People routinely scan their hard disks with AV; 
perhaps they miss some viruses, but no legitimate software is 
quarantined. Obviously bugs exist, and FPs are a particular kind of 
bug for an AV package. I never saw one, but each AV vendor should have 
a list of open issues, and possibly also of the closed historical records.

SMTP implementations also have bugs. However, when discussing the 
protocol we take it for granted that they can be fixed.

> Also see Chris's excellent explanation, which I think is roughly
> typical of that at many large sites (it's certainly similar to the
> large sites I've worked on).

Chris said their filter is not able to distinguish viruses from 
generic malware. Otherwise, for viruses they could issue a "599 Don't 
bounce this dangerous content to the user" after data transfer, if 
that code existed...

> Besides: AV vendors issue incorrect signatures, people misconfigure
> their mailers (I've seen multiple instances of reversed tests), networks
> fail, routers hiccup, DNS botches, and so on.  There are so many things
> that go wrong that our only chance at diagnosis and repair relies on
> appropriate error messages.

Having an appropriate error message is not enough. It is also 
necessary to deliver that message to the right operator. Delivering 
error messages to end users may be counterproductive. For a non-viral 
example, what can users do if their mail is bounced because of bad 
DKIM signatures?

>> Why don't we have a meta channel for those cases? Some bounces should be 
>> sent to postmasters, who can then send more meaningful DSNs, possibly 
>> after seeking the relevant message-ID in their logs, and fix the problem. 
> 
> Bounces are a bad idea because they add still more SMTP traffic, they
> can easily be abused to conduct DDoS attacks, and because of the
> situation outlined above.

That's exactly why I proposed a meta channel: to direct error messages 
to someone who can act appropriately.

Some large sites have established feedback loops whereby a message is 
"bounced" to some postmaster. Apparently, they are mainly meant for 
"this is spam" actions. However, the ARF format (quite similar to DSN) 
provides fields for reporting bad DKIM signatures. I don't know at 
what level such bounces could be generated. It is technically possible 
to generate them right after the data transfer, just like for viral 
content. If we recognize that viruses are a problem, don't they 
deserve using that meta channel as well? This leaves us wondering how 
such a meta channel can be established for small and medium sites as 
well...
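
An added example, not part of the original post: a minimal reader for an ARF feedback report of the kind mentioned above, which extracts the Feedback-Type and the original Message-ID and picks an operator address instead of the envelope sender. The sample report, the `OPERATOR_TYPES` policy (`auth-failure` was registered later, in RFC 6591) and the choice of `postmaster@` at the reported sender's domain are assumptions made for illustration.

```python
import email

# Constructed sample report: addresses and IDs are made up, not from the thread.
SAMPLE_ARF = """\
From: <filter@mx.receiver.example>
Content-Type: multipart/report; report-type=feedback-report; boundary="arf"

--arf
Content-Type: text/plain

Message rejected after DATA; reported to the operator, not the user.
--arf
Content-Type: message/feedback-report

Feedback-Type: virus
Version: 1
Original-Mail-From: <alice@sender.example>

--arf
Content-Type: text/rfc822-headers

Message-ID: <20090115.0001@sender.example>
--arf--
"""

# Assumed policy: report types that go to an operator rather than to a user.
OPERATOR_TYPES = {"virus", "auth-failure"}

def parse_arf(raw):
    msg = email.message_from_string(raw)
    if (msg.get_content_type(), msg.get_param("report-type")) != (
            "multipart/report", "feedback-report"):
        raise ValueError("not an ARF feedback report")
    report = {}
    for part in msg.get_payload():
        body = part.get_payload()
        if part.get_content_type() == "message/feedback-report":
            # The stdlib parser exposes a message/* body as a nested header block.
            fields = body[0] if isinstance(body, list) else email.message_from_string(body)
            report.update((k.lower(), v.strip()) for k, v in fields.items())
        elif part.get_content_type() == "text/rfc822-headers":
            report["message-id"] = email.message_from_string(body)["Message-ID"]
    return report

def route(report):
    # Operator address for the report, or None: nothing goes back to the sender.
    addr = report.get("original-mail-from", "").strip("<> ")
    domain = addr.rpartition("@")[2] if "@" in addr else ""
    if report.get("feedback-type", "").lower() in OPERATOR_TYPES and domain:
        return "postmaster@" + domain
    return None
```

Because `Original-Mail-From` can be forged, an operational feedback loop would send to an address registered in advance rather than one derived from the message.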
