mailing list archives
RE: Backdoor not recognized by Kaspersky
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 4 Mar 2004 06:32:52 -0500
SMTP auth does not help at all. A virus that delivers email via it's own SMTP engine
completely bypasses the end users ISP server(s). And if the recipient server does not
allow incoming mail from wherever it is presented from, then incoming mail will simply
be broken unless there is some sort of SPF.
Yeah, exactly, that's the point. SMTP AUTH plus something like SPF/CID/DK would stop all
the existing worms from operating. Mail sent through their own engines would be rejected
But, SPF, caller-ID, and Domain keys all have major unsolved issues with forwards,
aliases, corporate employees checking their work mail and needing to reply through their
home connection ISP, but with their company 'From: ' address and several other common
scenarios. Until their is universal adoption of some add on to SMTP, nobody can reject
all non-conforming mail safely.
It's not hard to imagine the largest ISPs and large corps accepting it, at which point
it would become necessary for others to accept it or risk having their mail shut out.
All implementations create a much greater load on DNS.
Greater, yes. Much greater, I'm not so sure. Verisign doesn't think it's a substantial
extra load. The DNS data could very reasonably be cached.
The real issue is that their is no possible algorithmic solution to rejecting email
reliably based on any of its source, its content, or any combination.
So SPF/CID/DK don't work? They reject based on domain
If the mail is not accepted, laws prohibit silently discarding it.
I've never heard this before. What law?
eWEEK.com Security Center Editor
larryseltzer () ziffdavis com
Full-Disclosure - We believe in it.