On Fri, 7 Nov 2003, Noel Clarkson wrote:
> my advice would be to resist the urge to send anything back to the email
> address that the virus came from. I know that it seems like a good idea
> to warn people that they might have a virus, but almost all of the newer
> viruses that are propagating these days have spoofed addresses. Some of
> these are made up addresses that won't go anywhere and might bounce back
> to you (so you have to deal with them), some of them go to the sys admin
> of the domain used and they have to deal with them (which wastes their
> time). Others end up with a person who is not infected but was in the
> address book (or their email appeared on a cached web page etc) of the
> person who is infected, and the person who isn't infected panics
> unnecessarily. The most insidious of them have addresses picked by the
> virus writer of a domain that they don't like for some reason and so
> that domain then gets swamped with this sort of automatic message reply
> for messages they never sent (and it also doesn't do their reputation
> any good as far as all those who don't realise that the domain in
> question had nothing to do with it). So for the (very) few cases in
> which you might help someone realise they have a virus, you'll probably
> send thousands of warnings that will cause more harm than good.
>
> As someone who's had to deal with some of the cases mentioned above,
> please resist the temptation to do what on the surface seems to be a
> kind gesture.
I think it depends on what point you catch it at. If you find the
virus before accepting the message, and send back a "550 attachment has
virus", then the only people who should be getting them are admins of
open relays, right?
-- 
Tim Nelson
Systems Administrator
Sunet Internet
Tel: +61 3 5241 1155
Fax: +61 3 5241 6187
Web: http://www.sunet.com.au/
Email: 99964@xyz.molar.is
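
The two points of detection discussed in this thread, as an added example that is not part of either message: a toy in-memory SMTP receiver that either answers 550 at the end of DATA or accepts the message and then mails a warning to the envelope sender. Hostnames, addresses and the scanner marker are constructed, and the marker check stands in for a real virus scanner.

```python
# Added illustration: in-memory SMTP dialogue, no network I/O.
MARKER = "CONSTRUCTED-TEST-SIGNATURE"  # assumption: stand-in for a scanner hit

def run_session(lines, policy):
    """policy "reject": answer 550 at end of DATA; "bounce": accept, then
    warn MAIL FROM. Returns (replies_to_client, notifications_generated)."""
    replies, notifications = ["220 mx.example ESMTP"], []
    sender, rcpts, body, in_data = None, [], [], False
    for line in lines:
        if in_data:
            if line != ".":
                body.append(line)
                continue
            in_data = False
            infected = any(MARKER in l for l in body)
            if infected and policy == "reject":
                # Message never accepted: only the connected client is told.
                replies.append("550 attachment has virus")
            else:
                replies.append("250 OK queued")
                if infected:
                    # Accepted, so the warning goes to the envelope sender.
                    notifications.append((sender, "virus found in your mail"))
            sender, rcpts, body = None, [], []
            continue
        verb = line.upper()
        if verb.startswith(("HELO", "EHLO")):
            replies.append("250 mx.example")
        elif verb.startswith("MAIL FROM:"):
            sender = line[10:].strip().strip("<>")
            replies.append("250 OK")
        elif verb.startswith("RCPT TO:"):
            rcpts.append(line[8:].strip().strip("<>"))
            replies.append("250 OK")
        elif verb == "DATA":
            in_data = bool(sender and rcpts)
            replies.append("354 Go ahead" if in_data else "503 Bad sequence")
        elif verb == "QUIT":
            replies.append("221 Bye")
            break
        else:
            replies.append("500 Unrecognised command")
    return replies, notifications

# Constructed session: the envelope sender is forged by the sending host.
SESSION = ["HELO pc.infected.example", "MAIL FROM:<bystander@victim.example>",
           "RCPT TO:<user@mx.example>", "DATA", "Subject: hi",
           "", MARKER, ".", "QUIT"]
```

With "reject" the only party that sees the 550 is whatever host holds the SMTP connection; with "bounce" the notification is addressed to bystander@victim.example, the forged envelope sender.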