[Asrg] enough about backscatter
David Wilson
David.Wilson at isode.com
Fri Jan 16 03:14:44 PST 2009
On Fri, 2009-01-16 at 10:50 +0000, John Levine wrote:
> >Therefore, if you always 5xx messages which are known to contain
> >malicious content, some fraction of those rejections will result in
> >notification messages which are likely to contain that malicious
> >content.
>
> ... and as Chris has told you several times, that fraction has been
> observed to be less than 1/1,000,000, orders of magnitude less than
> the rejections that alert real users to false positives. So stop.
>
> Perhaps it's time to amend the ASRG charter to exclude easily
> visualized but actually hypothetical threats. If you disagree that
> they're hypothetical, first you have to go get real data to support
> your claim.
So, just to clarify, you are saying that the view of ASRG is that if an
MTA receives a message which when checked using anti-virus software such
as Sophos or ClamAV (note this, my discussion was not about other
anti-spam techniques) give a positive, the correct course of action is
to reject the message using a 5xx response?
More information about the Asrg
mailing list