nanog mailing list archives

Re: To send or not to send 'virus in email' notifications?

From: "Eric A. Hall" <ehall () ehsco com>
Date: Wed, 20 Aug 2003 13:47:37 -0500



on 8/20/2003 9:25 AM Joe Maimon wrote:

Considering the amount of email traffic generated by responding to 
forged  virus laden email from culprits like sobig should email virus 
scanning systems be configured to send notifications back to sender or not?


The least-harmful yet still-compliant mechanism is to reject the message
during the transfer stage, instead of during the delivery stage. If the
victim is sending their mail using an MTA that is built into the worm,
that should be the end of it. If the victim is sending the mail by way of
a real server (eg, a submission server or a smarthost), then the transfer
rejects will probaly still result in delivery failure notifications being
sent to the spoofed sender address.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/

Current thread:

Re: To send or not to send 'virus in email' notifications?, (continued)
- Re: To send or not to send 'virus in email' notifications? Stephen J. Wilcox (Aug 20)
- RE: To send or not to send 'virus in email' notifications? John Ferriby (Aug 20)
- RE: To send or not to send 'virus in email' notifications? Matthew Kaufman (Aug 20)
- Re: To send or not to send 'virus in email' notifications? Valdis . Kletnieks (Aug 20)
- Re: To send or not to send 'virus in email' notifications? D'Arcy J.M. Cain (Aug 20)
  - Re: To send or not to send 'virus in email' notifications? Gerardo A. Gregory (Aug 20)
  - Re: To send or not to send 'virus in email' notifications? Leo Bicknell (Aug 20)
    - Message not available
    - Re: To send or not to send 'virus in email' notifications? Leo Bicknell (Aug 20)
- Re: To send or not to send 'virus in email' notifications? Joe Maimon (Aug 20)
  - Re: To send or not to send 'virus in email' notifications? Daniel Senie (Aug 20)
- Re: To send or not to send 'virus in email' notifications? Eric A. Hall (Aug 20)
- Re: To send or not to send 'virus in email' notifications? Gregory Hicks (Aug 20)
- RE: To send or not to send 'virus in email' notifications? Jim Deleskie (Aug 20)
- RE: To send or not to send 'virus in email' notifications? Mark Segal (Aug 20)
- RE: To send or not to send 'virus in email' notifications? Tomas Daniska (Aug 20)
  - Re: To send or not to send 'virus in email' notifications? Damian Gerow (Aug 20)
- RE: To send or not to send 'virus in email' notifications? Brandon Butterworth (Aug 20)
- RE: To send or not to send 'virus in email' notifications? Wesley Vaux (Aug 20)
  - RE: To send or not to send 'virus in email' notifications? Stephen J. Wilcox (Aug 20)
- RE: To send or not to send 'virus in email' notifications? Claire Kelly (Aug 20)
- RE: To send or not to send 'virus in email' notifications? Wesley Vaux (Aug 20)

(Thread continues...)