Re: DOC-BUG: permitted use of PRA/submitter address

[<mazieres@xxxxxxxxx>]

On Mon, 30 Aug 2004 22:12:11 -0700, Harry Katz
<hkatz@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> On Monday, August 30, 2004 7:07 PM, mazieres@xxxxxxxxx
> [mailto:mazieres@xxxxxxxxx] wrote:
> 
> > Okay, so basically is it the case that Sender ID (in its
> > present form) isn't designed to help with these kinds of
> > viruses and virus notifiers?  At this point, is there any
> > possible action the MARID group could take that would allow
> > more intelligent virus rejection?  I care a lot about this
> > problem, and was hoping the outcome of this working group could help.
> 
> I think Sender ID will help with viruses, though perhaps not in the way
> you're suggesting.  As I understand it, many viruses today are
> tranmitted from infected zombie machines, often home computers connected
> via cable modem or DSL lines.  The IP addresses of these home computers
> will not likely be listed by their owning ISPs as legitimate sources of
> outbound e-mail.  Thus a receiver performing the Sender ID check should
> be able to detect "foul play" and reject the message, presumably with a
> 5xx type return code rather than by sending an actual bounce message.

I'm not sure I see how the owning ISP of the virus-infected machine
comes into play, as the problem is that the machines are forging mail
in my name.  (If viruses all claimed to be from the owning ISP, I'd
already be a lot happier.)

It's true that if I publish an SPF2 record, it would probably help
with today's viruses, because the From: address would be the PRA, and
thus would be goverened by my SPF2 record.  However, if Sender-ID were
adopted, I'm sure the virus writers would just start  including a line
like:

    Resent-Sender: virus@com

in each email.  This would guarantee a SenderID result of None (since
com has NS but no TXT/SPF2 records), and thus for sites that don't do
virus checking before responding to the DATA command, would still
result in a flood of bounce messages to me.