anomy-list

Re: Bounce on Attachment Type

From: Systems Administrator (99964@xyz.molar.is)
Date: Fri 07 Nov 2003 - 02:33:49 GMT

  • Next message: Vauseweh, Jan: "may problems with special characters (German Umlaute) in header ' from:'?"

    On Fri, 7 Nov 2003, Noel Clarkson wrote:

    > my advice would be to resist the urge to send anything back to the email
    > address that the virus came from. I know that it seems like a good idea
    > to warn people that they might have a virus, but almost all of the newer
    > viruses that are propegating these days have spoofed addresses. Some of
    > these are made up addresses that won't go anywhere and might bounce back
    > to you (so you have to deal with them), some of them go to the sys admin
    > of the domain used and they have to deal with them (which wastes their
    > time). Others end up with a person who is not infected but was in the
    > address book (or their email appeared on a cached web page etc) of the
    > person who is infected, and the person who isn't infected panicks
    > unnecessarily. The most insidious of them have addresses picked by the
    > virus writer of a domain that they don't like for some reason and so
    > that domain then gets swamped with this sort of automatic message reply
    > for messages they never sent (and it also doesn't do their reputation
    > any good as far as all those who don't realise that the domain in
    > question had nothing to do with it). So for the (very) few cases in
    > which you might help someone realise they have a virus, you'll problaby
    > send thousands of warnings that will cause more harm than good.
    >
    > As someone who's had to deal with some of the cases mentioned above,
    > please resist the temptation to do what on the surface seems to be a
    > kind guesture.

            I think it depends on what point you catch it at. If you find the
    virus before accepting the message, and send back a "550 attachment has
    virus", then they only people who should be getting them are admins of
    open relays, right?

    -- 
    Tim Nelson
    Systems Administrator
    Sunet Internet
    Tel: +61 3 5241 1155
    Fax: +61 3 5241 6187
    Web: http://www.sunet.com.au/
    Email: 99964@xyz.molar.is
    



    hosted by molar.is