
SANS ISC InfoSec Handlers Diary Blog


The value of Non-Delivery-Reports (NDR). Friday Editorial

Published: 2007-08-24
Last Updated: 2007-08-24 22:12:18 UTC
by Johannes Ullrich (Version: 1)

It's Friday. So instead of scaring everybody with an emergency patch you need to apply, let me "editorialize" a bit so you have something to think about over the weekend.

I have long wondered where e-mail is going these days. For me personally, the business value of e-mail has certainly become small. I run various anti-spam techniques, and set up an "important" inbox with e-mail from people I regularly correspond with. But good luck getting my attention if your e-mail ends up in my generic "inbox".

So I just read about DynDNS dropping "Non Delivery Reports". In short, if you are using their service, and your e-mail bounces, you may not hear about it. This is actually something I started doing a long time ago, and it has worked fine so far. I don't actually expect my e-mail to go anywhere in the first place. If I don't get a response, I will just try again in a couple of days, or well, by then another project came up and the original e-mail didn't matter that much anyway.

I am a bit mixed about if I should send NDRs from my mail server or not. The random spammers certainly create a lot of them. But then again, I may as well tell them that '' doesn't exist. Maybe they will stop.

Of course, there are RFCs that regulate these things. But the SMTP RFCs are broken in the sense that they don't have a meaningful way to fight spam. Otherwise, we wouldn't have so much spam.

Other rules I considered or tried in the past:

- greylisting. Works ok, but still.. too much spam. And I lost some important e-mail that way. For example, one of the airlines I fly with wasn't able to send me a receipt.

- only accept PGP signed e-mail. That wouldn't actually do much for spam. They could sign it. But they don't. However, neither do valid e-mail senders.

- turn off my mail server. Wow... a 90% accurate spam filter. But well, the other 10% is why I bother with e-mail in the first place.

I will set up a poll shortly to collect your opinion about this.

Just a quick update: When I am talking about "turning off NDRs", I am not talking about turning off 550 errors on the SMTP level. That may still be a good idea if you don't mind people enumerating your accounts.



