Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.
Is bouncing bad? (Score:1)
Disclaimer: I do AV/Anti-spam for ~ 250,000 folk. Many of my e-mail addresses are also plastered all over the 'net, so I get plenty of these bounces too.
Still, from my perspective, mail must *not* get lost. Failure to deliver a message to its recipient must *always* generate a bounce message (i.e., an SMTP 5xx error).
Why? Because I don't trust anti-virus software to always do the right thing. I don't trust anti-spam software to always do the right thing. I don't trust *BLs and local block lists to
1% false negative vs 50% false positive (Score:2)
You might not trust it to do the right thing, but right now it's doing a Very, Very Wrong Thing to such an extent that it's affecting the health of the Internet. I don't think you quite understand the magnitude of the problem. I got another 1000 bounce messages overnight. That's absurd.
With the current setup you're generating a massive quantity of false positives. So much so that I'm now likely to ignore *all* bounce messages. In effect, by flooding the system with false positives you're social engineering far more false negatives than you would have by simply not sending the virus warning.
Furthermore, with the current setup there's almost no chance that your virus warning will get back to the infected machine. No modern virus sends out mail with a legit From line.
Here's a simple solution. Check the Received headers to see if the originating machine and the From line or Reply-To are even vaguely related before sending out a warning. That would slash the number of false positives by at least an order of magnitude while still avoiding most false negatives. Those of us who use services like pobox.com will suffer gladly. In the case of an obviously bogus From line, send to the originating machine's postmaster.
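One way to implement the check proposed in the comment above, as an added Python example that is not code from the post or from use Perl;. The message, the host names and the "last two DNS labels" notion of a related domain are all constructed assumptions for illustration; the only decisions it makes are the two the comment describes: warn the From/Reply-To address when it is plausibly related to the injecting host, otherwise warn that host's postmaster, and stay silent when there is no Received trace to go on.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: what a gateway scanner sees for a message whose From:
# line has nothing to do with the machine that actually injected it.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby scanner.example.org with ESMTP id abc123
Received: from dialup-77.isp.example (dialup-77.isp.example [198.51.100.77])
\tby mx.example.net with SMTP id def456
From: "Innocent Bystander" <bystander@pobox.example>
Reply-To: bystander@pobox.example
To: victim@example.org
Subject: hi

body
"""

RECEIVED_FROM = re.compile(r"^\s*from\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def origin_host(msg):
    """Host named in the earliest Received: header (the last one in the
    message, since every relay prepends its own); None if no usable trace."""
    for hdr in reversed(msg.get_all("Received", [])):
        m = RECEIVED_FROM.match(hdr.replace("\n", " "))
        if m:
            return m.group(1).lower().rstrip(".")
    return None

def base_domain(name):
    """Crude 'registrable domain' heuristic (assumption): last two DNS labels."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def related(host, address):
    """True if the address's domain and the injecting host share a base domain."""
    domain = parseaddr(address)[1].rpartition("@")[2]
    return bool(domain) and base_domain(host) == base_domain(domain)

def warning_recipient(raw):
    """Where, if anywhere, a virus warning for this message should be sent."""
    msg = message_from_string(raw)
    host = origin_host(msg)
    if host is None:
        return None  # no trace at all: silence beats a misdirected bounce
    for field in ("Reply-To", "From"):
        addr = parseaddr(msg.get(field, ""))[1]
        if addr and related(host, addr):
            return addr  # sender claim is plausible: warn the sender
    return "postmaster@" + host  # obviously bogus From: warn the injecting host
```

For the sample above the From: domain (pobox.example) is unrelated to the dial-up host, so the warning goes to the originating machine's postmaster rather than to the forged address.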