Bugtraq mailing list archives

Re: RFC: virus handling


From: "James C. Slora Jr." <Jim.Slora () phra com>
Date: Tue, 3 Feb 2004 06:11:25 -0500

Craig Morrison wrote Wednesday, January 28, 2004 4:26 PM

> Shut off notifications.

Yup.

Standardizing notifications according to some new RFC would accomplish:
1. Providing another standard message format for socially engineering virus
deliveries.
2. Adding yet another format for notifications - no such RFC would be
universally adopted.
3. Feeding us geeks more useless esoterica to discuss indignantly on the
lists - should noncompliant notifications be a new classification for
rfc-ignorant blacklisting?
4. Continuing bombardment by enough mistaken and virus-faked notifications
to make all notifications worse than useless.
5. Continuing possibilities for using MTA event-handling automation as a
virus distribution vehicle. Possibilities would be more limited, but they
would not be eliminated.
6. It would make it easier to filter the notifications, as the original
poster intended. But I would rather not get them at all when most of them
are mistaken automated notifications.

Dealing with misaddressed mail and incoming infections is boring and costly.
But automated NDRs and virus notifications just spread a larger cost out
across a mail system. They eat the time of the system, the users, their
correspondents, and possibly someone else's admin. They are a selfish way to
push the costs onto others, and probably cost an organization more than they
save in the mail admin's time.

My opinion is you should drop what bad mail you can, and deal with the rest.
Notifications are only useful when they are actionable - they have to be
well-analyzed, and they have to be sent only to people who understand them
and who have the motivation and ability to deal with them. That is a tall
order, which means there should only be a few manually reviewed
notifications.


