
SANS ISC InfoSec Handlers Diary Blog



The value of Non-Delivery-Reports (NDR). Friday Editorial

Published: 2007-08-24
Last Updated: 2007-08-24 22:12:18 UTC
by Johannes Ullrich (Version: 1)

It's Friday. So instead of scaring everybody with an emergency patch you need to apply, let me "editorialize" a bit so you have something to think about over the weekend.

I have long wondered where e-mail is going these days. For me personally, the business value of e-mail has certainly become small. I run various anti-spam techniques, and set up an "important" inbox with e-mail from people I regularly correspond with. But good luck getting my attention if your e-mail ends up in my generic "inbox".

So I just read about DynDNS dropping "Non Delivery Reports". In short, if you are using their service, and your e-mail bounces, you may not hear about it. This is actually something I started doing a long time ago, and it has worked fine so far. I don't actually expect my e-mail to go anywhere in the first place. If I don't get a response, I will just try again in a couple of days, or well, by then another project came up and the original e-mail didn't matter that much anyway.

I am a bit mixed about whether I should send NDRs from my mail server or not. The random spammers certainly create a lot of them. But then again, I may as well tell them that 'tom@example.org' doesn't exist. Maybe they will stop.

Of course, there are RFCs that regulate these things. But the SMTP RFCs are broken in the sense that they don't have a meaningful way to fight spam. Otherwise, we wouldn't have so much spam.

Other rules I considered or tried in the past:

- greylisting. Works OK, but still... too much spam. And I lost some important e-mail that way. For example, one of the airlines I fly with wasn't able to send me a receipt.

- only accept PGP signed e-mail. That wouldn't actually do much for spam. They could sign it. But they don't. However, neither do valid e-mail senders.

- turn off my mail server. Wow... a 90% accurate spam filter. But well, the other 10% is why I bother with e-mail in the first place.

I will set up a poll shortly to collect your opinion about this.

Just a quick update: When I am talking about "turning off NDRs", I am not talking about turning off 550 errors on the SMTP level. That may still be a good idea if you don't mind people enumerating your accounts.
