RE: DOC-BUG: permitted use of PRA/submitter address
On Mon, 2004-08-30 at 22:12, Harry Katz wrote:
> On Monday, August 30, 2004 7:07 PM, mazieres@xxxxxxxxx
> [mailto:mazieres@xxxxxxxxx] wrote:
>
> > Okay, so basically is it the case that Sender ID (in its
> > present form) isn't designed to help with these kinds of
> > viruses and virus notifiers? At this point, is there any
> > possible action the MARID group could take that would allow
> > more intelligent virus rejection? I care a lot about this
> > problem, and was hoping the outcome of this working group could help.
>
> I think Sender ID will help with viruses, though perhaps not in the way
> you're suggesting. As I understand it, many viruses today are
> transmitted from infected zombie machines, often home computers connected
> via cable modem or DSL lines. The IP addresses of these home computers
> will not likely be listed by their owning ISPs as legitimate sources of
> outbound e-mail. Thus a receiver performing the Sender ID check should
> be able to detect "foul play" and reject the message, presumably with a
> 5xx type return code rather than by sending an actual bounce message.

There are several problems with what appears to be misleading
information. If Harry was suggesting the use of a DUL list, then this
could indicate whether the ISP has listed these addresses, but then he
says it is Sender-ID doing this? Sender-ID does not restrict the IP
address placed within an SPF2 record. In fact, the SPF2 record could
include the entire Internet. Nor does Sender-ID bother to identify the
host sending the mail. This misleading information also seems to imply
"?all" records will be refused. If so, the "all" construct should be
removed from the draft. To give the virus writer some credit, the virus
may use Sender-ID macro syntax to create labels that ensure receiving a
"pass" where the scope of the address does not appear out of the norm.
In short, Sender-ID does not offer protection from viruses or zombie
machines attached to DSL lines. Keep your virus filter running.

> > > Not sure I understand this question. However, when an MTA
> > > sends a DSN with MAIL FROM <>, the PRA would typically be
> > > something like postmaster@xxxxxxxxxxx or
> > > mailer-daemon@xxxxxxxxxxxx See example 5.5 of the SUBMITTER spec.
> >
> > Sorry, my question was about receiving, not sending bounces.
> > Let me elaborate. Suppose I have two email addresses:
> >
> > me@xxxxxxxxxxxx
> > me-bounces-2004@xxxxxxxxxxxx
> >
> > Because of the number of bounces I get from viruses, the
> > address me@xxxxxxxxxxxx does not accept DSNs. Therefore, I
> > always use me-bounces-2004@xxxxxxxxxxxx as the envelope sender.
> >
> > So far so good. The next question is which address I should
> > use as the PRA. If I don't do anything, the PRA will be
> > me@xxxxxxxxxxxx, which I would probably prefer. However,
> > given that that address refuses DSNs, the question is whether
> > there would be grounds for listing me in the rfc-ignorant RBL:
> >
> > http://www.rfc-ignorant.org/policy-dsn.php
>
> Thanks for clarifying. Bounces go to the return-path address, not to
> the PRA. If you want bounces to go to a specific address you need to
> set the MAIL FROM address to the desired address when you send mail.

This does not seem to answer the question. If the PRA is compared
against the list, then your RFC2822 From will need to be changed, or you
will need to include a Resent-From header in your message to preserve
the RFC2822 From. You may need to get the Resent-From plug-in. : )
-Doug
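
An added example, not part of the original message or of any MARID draft: a receiver-side audit that flags published records whose terms authorize the whole Internet, an over-broad address range, or a "?all" default, the cases raised in the reply above. The function name, the finding labels, the prefix thresholds and the sample records are assumptions made for illustration; the `spf2.0/pra` version tag follows the published Sender ID syntax.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Assumed policy thresholds: a passing range wider than these is treated as too broad.
MIN_PREFIX = {"ip4": 16, "ip6": 32}

def audit_record(record):
    """Return (term, finding) pairs for terms that make the record's result weak evidence."""
    terms = record.split()
    if not terms or not terms[0].lower().startswith(("v=spf1", "spf2.0/")):
        raise ValueError("not an SPF or Sender ID record")
    findings = []
    for term in terms[1:]:
        if "=" in term.split(":", 1)[0]:
            continue  # modifier (redirect=, exp=), not a mechanism
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # default qualifier is pass
        body = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = body.partition(":")
        name, result = name.lower(), QUALIFIERS[qualifier]
        if name == "all" and result == "pass":
            findings.append((term, "pass-everything"))   # any host anywhere passes
        elif name == "all" and result == "neutral":
            findings.append((term, "neutral-default"))   # unlisted hosts are not failed
        elif name in MIN_PREFIX and result == "pass":
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                findings.append((term, "unparseable-range"))
                continue
            if net.prefixlen < MIN_PREFIX[name]:
                findings.append((term, "broad-range"))
    return findings

# Constructed sample records, not taken from the thread.
SAMPLES = [
    "spf2.0/pra +ip4:0.0.0.0/0 -all",
    "v=spf1 mx ?all",
    "v=spf1 ip4:192.0.2.0/24 -all",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", audit_record(rec))
```

The audit inspects only the record's own terms; it does not follow `include` or `redirect`, so a clean result says nothing about records referenced from it.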