[35456] in bugtraq
Re: Is predictable spam filtering a vulnerability? (silently dropping
daemon@ATHENA.MIT.EDU (David F. Skoll)
Wed Jun 23 15:10:12 2004
Date: Tue, 22 Jun 2004 20:53:56 -0400 (EDT)
From: "David F. Skoll" <dfs@roaringpenguin.com>
To: Martin =?iso-8859-2?Q?Ma=E8ok?= <martin.macok@underground.cz>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20040622142002.GB2855@josefina.dcit.cz>
Message-ID: <Pine.LNX.4.58.0406222049440.7290@shishi.roaringpenguin.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 22 Jun 2004, Martin [iso-8859-2] Ma?ok wrote:
> > A spam filter MUST respond with a 500 SMTP failure code if it
> > rejects a message.
> What is your opinion based on?
Personal experience.
> I'm assuming you mean RFC 2821 (SMTP) -- by issuing "250 OK" to
> a message, SMTP server is accepting responsibility for delivering or
> relaying the message.
Yes.
[...]
> For me, not generating bounce message to spam/viral message is
> a reason valid enough to "break" RFC 2821.
I agree with silently discarding viruses, because false-positives are
practically unknown. Silently discarding suspected spam is very
bad, because false positives are reasonably common.
> IHMO 1: If your filter decides the message is not worth a delivery
> it's not worth a bounce too.
That's not correct. I've had many legitimate emails rejected by overzealous
spam filtering.
> IMHO 2: If your filter does not do the job of filtering messages well
> and bounces back, it is just distributing his work to others
> and deserves to be repaired/changed or blacklisted (firewalled
> out by others).
A 5xx failure code is a lot more friendly than actually generating a DSN.
> IMHO 3: If user Joe gets 10 delivery failures of messages that he has
> not sent and one delivery failure of message that he has
> actually sent, it is worse than if he gets nothing.
This is indeed a problem, and it's a loophole that needs to be closed.
There needs to be a way for an SMTP server to correlate a bounce
message with a sent message, and reject the bounce message if it
wasn't caused by a validly-sent message. Proposals like SPF can help
a little.
One good thing is that spammers often use ratware that ignores
failure codes. So a 5xx return code does *not* elicit a
DSN, whereas having your anti-spam box actually generate a DSN
is obviously bad.
IMO, silently discarding mail that is suspected to be spam will only
further damage people's trust in the reliability of e-mail, which is
already very strained.
Regards,
David.
