Full Disclosure mailing list archives
Fighting useless notification mails
From: Marc Ruef <marc.ruef () computec ch>
Date: Tue, 30 Mar 2004 12:44:05 +0200
Dear list,Viruses and worms that spread as mail attachments are filling our inboxes day for day. Most of this nastly little monsters are able to generate random or faked from addresses.
I receive dozents of automaticly generated notification mails that presume I sent a not allowed attachment. I am pretty shure that this is not true. Many different facts are able to verify this statement (e.g. sending time, SMTP routing, source IP address).
In some cases it may be useful to notify a sender that his host is spreading malicous code. But I would like to see that antivirus vendors enhance their databases and save standardized the information if a mail worm is able to generate random or faked source addresses. If this may be given, antivirus solutions should _not_ send a notification to the presumed sender anyway, because it makes absolutely no sense. So it may be possible to break down the whole useless notification spam that doubles the annoying virus mail traffic.
Yours, Marc -- Attack Tool Kit - Enhance your pen-tests http://www.computec.ch/projekte/atk/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Fighting useless notification mails Marc Ruef (Mar 30)
- RE: Fighting useless notification mails Steve Wray (Mar 30)
- RE: Fighting useless notification mails Steffen Kluge (Mar 30)
- Re: Fighting useless notification mails Alexander Neumann (Mar 31)
- RE: Fighting useless notification mails Bojan Zdrnja (Mar 30)
- RE: Fighting useless notification mails Steffen Kluge (Mar 30)
- RE: Fighting useless notification mails Steve Wray (Mar 30)