[Asrg] enough about backscatter
Franck Martin
franck at avonsys.com
Fri Jan 16 04:40:48 PST 2009
It is standard to do that at the end of DATA. And it is best to do it there than later. Whoever is connecting is told "no", rather than sending an NDR to the "mail from" which is likely to be forged.
Sync NDR are better than async NDR.
----- Original Message -----
From: "John Levine" <johnl at taugh.com>
To: asrg at irtf.org
Sent: Friday, 16 January, 2009 11:46:06 PM (GMT+1200) Auto-Detected
Subject: Re: [Asrg] enough about backscatter
>So, just to clarify, you are saying that the view of ASRG is that if an
>MTA receives a message which when checked using anti-virus software such
>as Sophos or ClamAV (note this, my discussion was not about other
>anti-spam techniques) give a positive, the correct course of action is
>to reject the message using a 5xx response?
That seems to be the consensus here, yes.
My MTA does rejects on anything that has an attached EXE file, and I don't
ever recall getting any complaints about backscatter.
R's,
John
_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg
More information about the Asrg
mailing list