
DEPLOY: Sending of malicious 'bounce' messages to innocent victims



Sender-ID has the capability to determine that an Original message is a forgery.

The drafts require the rejection of a forged Original message, potentially
occasioning the sending of a 'bounce' message to the Mail-From address.

It is the experience here, and it has also been reported on the spf-discuss
list, that there is a common family of malicious emails in which a virus-carrying
payload is distributed (in volume from compromised hosts) with the intended
victim designated in the Mail-From: address.

By implementing Sender-ID, we would become parties to the creation and
propagation of malicious messages.

Had we not implemented Sender-ID, those 'bounce' recipients would not otherwise
have received those malicious messages.

Active participation in the propagation of viruses, pornography, UBM and other
forms of malice is counter to our policies on business ethics.

I am therefore unable to deploy Sender-ID as presently drafted.


Chris Haynes
Names of businesses available on request.