Re: Is predictable spam filtering a vulnerability? (silently dropping messages)

To: Martin Mačok <martin.macok@xxxxxxxxxxxxxx>
Subject: Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
From: "David F. Skoll" <dfs@xxxxxxxxxxxxxxxxxx>
Date: Tue, 22 Jun 2004 20:53:56 -0400 (EDT)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20040622142002.GB2855@xxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200406161326.AA304546076@xxxxxxxxxxx> <Pine.LNX.4.58.0406170727510.5272@xxxxxxxxxxxxxxxxxxxxxxxxx> <20040622142002.GB2855@xxxxxxxxxxxxxxxx>

On Tue, 22 Jun 2004, Martin [iso-8859-2] Ma?ok wrote:

> > A spam filter MUST respond with a 500 SMTP failure code if it
> > rejects a message.

> What is your opinion based on?

Personal experience.

> I'm assuming you mean RFC 2821 (SMTP) -- by issuing "250 OK" to
> a message, SMTP server is accepting responsibility for delivering or
> relaying the message.

Yes.

[...]

> For me, not generating bounce message to spam/viral message is
> a reason valid enough to "break" RFC 2821.

I agree with silently discarding viruses, because false-positives are
practically unknown.  Silently discarding suspected spam is very
bad, because false positives are reasonably common.

> IHMO 1: If your filter decides the message is not worth a delivery
>         it's not worth a bounce too.

That's not correct.  I've had many legitimate emails rejected by overzealous
spam filtering.

> IMHO 2: If your filter does not do the job of filtering messages well
>         and bounces back, it is just distributing his work to others
>         and deserves to be repaired/changed or blacklisted (firewalled
>         out by others).

A 5xx failure code is a lot more friendly than actually generating a DSN.

> IMHO 3: If user Joe gets 10 delivery failures of messages that he has
>         not sent and one delivery failure of message that he has
>         actually sent, it is worse than if he gets nothing.

This is indeed a problem, and it's a loophole that needs to be closed.
There needs to be a way for an SMTP server to correlate a bounce
message with a sent message, and reject the bounce message if it
wasn't caused by a validly-sent message.  Proposals like SPF can help
a little.

One good thing is that spammers often use ratware that ignores
failure codes.  So a 5xx return code does *not* elicit a
DSN, whereas having your anti-spam box actually generate a DSN
is obviously bad.

IMO, silently discarding mail that is suspected to be spam will only
further damage people's trust in the reliability of e-mail, which is
already very strained.

Regards,

David.

Follow-Ups:
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
  - From: der Mouse

References:
- Is predictable spam filtering a vulnerability?
  - From: R Armiento
- Re: Is predictable spam filtering a vulnerability?
  - From: David F. Skoll
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
  - From: Martin Mačok

Prev by Date: Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
Next by Date: Re: Is predictable spam filtering a vulnerability?
Previous by thread: Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
Next by thread: Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
Index(es):
- Date
- Thread