Sat, Sep. 22, 2007

Bonn Feds Forego Bounce

CK - Washington. Fighting spam by ignoring rules: The Federal Agency for Security in Information Technology, BSI, advises government agencies to forego the bounce messages that RFCs 821 and 2821, the Internet standards for receiving mail servers, require. As a result, mistyped addresses in communications to such agencies will not trigger an error message to the sender.

A Heise investigation explains that the BSI action represents a response to spam. Spammers can fake email addresses and, through the bounce-notification system, can make recipients of spam believe the government is communicating with them when, in fact, the message originates from an unwanted source.

According to Heise, Bonn-based BSI justifies its violation of the SMTP RFCs with the need to fight spam and virus payloads, to keep government servers from becoming blacklisted on spam-fighting lists, to avoid having the general population confused by spam mails ostensibly originating with the government, and to ignore a now-inappropriate standard conceived before the rise of spam.

Some agencies accept mail with mistyped addresses, others simply drop it. Load and performance concerns do not allow all receiving mail servers at government agencies--and anywhere, for that matter--to analyze all incoming mail for improper or dangerous content in real time.

Once real-time analysis is generally feasible and implemented, adherence to generally accepted standards for Internet communications should not be questioned. The BSI-suggested approach may avoid some harm and do some good, but unilateral deviations from technical standards may lead to chaos that threatens all traffic on the network.

