
SANS ISC: The value of Non-Delivery-Reports (NDR). Friday Editorial - SANS Internet Storm Center

It's Friday. So instead of scaring everybody with an emergency patch you need to apply, let me "editorialize" a bit so you have something to think about over the weekend.

I have long wondered where e-mail is going these days. For me personally, the business value of e-mail has certainly become small. I run various anti-spam techniques, and set up an "important" inbox with e-mail from people I regularly correspond with. But good luck getting my attention if your e-mail ends up in my generic "inbox".

So I just read about DynDNS dropping "Non Delivery Reports". In short, if you are using their service, and your e-mail bounces, you may not hear about it. This is actually something I started doing a long time ago, and it has worked fine so far. I don't actually expect my e-mail to go anywhere in the first place. If I don't get a response, I will just try again in a couple of days, or well, by then another project came up and the original e-mail didn't matter that much anyway.

I have mixed feelings about whether I should send NDRs from my mail server or not. The random spammers certainly create a lot of them. But then again, I may as well tell them that 'tom@example.org' doesn't exist. Maybe they will stop.

Of course, there are RFCs that regulate these things. But the SMTP RFCs are broken in the sense that they don't have a meaningful way to fight spam. Otherwise, we wouldn't have so much spam.

Other rules I considered or tried in the past:

- Greylisting. Works OK, but still... too much spam. And I lost some important e-mail that way. For example, one of the airlines I fly with wasn't able to send me a receipt.

- Only accept PGP-signed e-mail. That wouldn't actually do much for spam. They could sign it. But they don't. However, neither do valid e-mail senders.

- Turn off my mail server. Wow... a 90% accurate spam filter. But well, the other 10% is why I bother with e-mail in the first place.

I will set up a poll shortly to collect your opinion about this.

Just a quick update: When I am talking about "turning off NDRs", I am not talking about turning off 550 errors on the SMTP level. That may still be a good idea if you don't mind people enumerating your accounts.


Johannes

ISC Handler
