SCV = Fundamentally Flawed (was: MyDoom Email targets)

["Erik van Straten" <emvs.fd.3FB4D11C () cpo tn tudelft nl>]

The world could be a better place if more ISP's would query Spamcop or
cbl.abuseat.org (which includes the Spamhaus.org XBL). Also ISP's
could block egress 25/tcp for dialups/dsl's that are not supposed to
run their own MTA. SPF and RMX may help (but do have nuisances - we
may have to accept).

MyDoom proves that SCV is Fundamentally Flawed. It *does not* prove
the virus sender. It *will* push spammers in the wrong direction.

On Wed, 28 Jan 2004 09:20:51 -0000 Jos Osborne wrote:
> We've has Sales@ hit repeatedly. Not sure if that's cos it's in
> people's address books or not - there definitely haven't been any
> e-mails sent out from Sales recently.

If sales <at> meltemi,co,uk was Joe-jobbed, mail (spam usually) will
have been sent using that address. It will be in people's inboxes.
BTW Googling your sales address also hits. One or more of these pages
have probably been in the cache (and/or WAB) of infected PC's.

Finally I keep telling people not to use loads of addresses in To:/Cc:
and to be careful what they publish on the web. People tend to call me
a troll. I respect those who do not do this behind my back.

Erik (plz refrain from silly Q's - Google is your friend)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html