nanog mailing list archives
RE: Clueless anti-virus products/vendors (was Re: Sober)
From: Daniel Senie <dts () senie com>
Date: Mon, 05 Dec 2005 01:24:52 -0500
At 10:27 PM 12/4/2005, Church, Chuck wrote:
What about all the viruses out there that don't forge addresses?
As others have noted, these are so far lost in the noise as to not be a factor.
Sending a warning message makes sense for these.
Why? Because you need to be the one to tell the sender they are infected? Let sites patrol their own users.
Furthermore, if you did your virus scanning during the SMTP transaction, you'd be able to send back a 5xx error response during the transaction, thereby avoiding any concern about spamming an innocent third party.
Unless someone has done the research to determine the majority of viruses forge addresses, you really can't complain about the fact that the default is to warn.
As others have noted, the vendors can and should know.
Calling vendors 'clueless' because a default doesn't match your needs
Excuse me, I think you may notice that a LOT of folks have piped up on this issue. The simple fact is as configured many vendors spam third parties adding to the noise floor. While backbone operators might in fact make a bit extra as a result, those of us who actually pay for bandwidth do not appreciate it. We certainly can and do blacklist sites that hammer us with bogus bounces, just the same as we'd block any company knowingly sending us undesired email.
is a little extreme, don't you think? The ideal solution would be for the scanning software to send a warning only if the virus detected is known to use real addresses, otherwise it won't warn.
See question above, re: why do you think it's your systems' place to police the rest of the Internet, sending warnings out? Either reject virus-laden email during the SMTP session, or quietly own it (and dispose of it).
Chuck -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Todd Vierling Sent: Sunday, December 04, 2005 4:53 PM To: W.D.McKinney Cc: nanog () merit edu Subject: RE: Clueless anti-virus products/vendors (was Re: Sober) On Sun, 4 Dec 2005, W.D.McKinney wrote: > > (Virus "warnings" to forged addresses are UBE, plain and simple.) > > Since when? I disagree. UBE = "unsolicited bulk e-mail". Which of those three words do[es] not apply to virus "warning" backscatter to forged envelope/From: addresses? Think carefully before answering. -- -- Todd Vierling <tv () duh org> <tv () pobox com> <todd () vierling name>
Current thread:
- Re: Recording the return path (was Re: Clueless anti-virus products/vendors), (continued)
- Re: Recording the return path (was Re: Clueless anti-virus products/vendors) Michael . Dillon (Dec 12)
- Re: Recording the return path (was Re: Clueless anti-virus products/vendors) Todd Vierling (Dec 12)
- Re: Recording the return path (was Re: Clueless anti-virus products/vendors) Per Heldal (Dec 12)
- Re: Recording the return path (was Re: Clueless anti-virus products/vendors) Stephen Sprunk (Dec 12)
- Re: Recording the return path (was Re: Clueless anti-virus products/vendors) Todd Vierling (Dec 12)
- Re: Recording the return path (was Re: Clueless anti-virus products/vendors) Todd Vierling (Dec 12)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Michael . Dillon (Dec 08)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Niels Bakker (Dec 08)
- Re: Clueless anti-virus products/vendors Florian Weimer (Dec 07)
- RE: Clueless anti-virus products/vendors (was Re: Sober) Daniel Senie (Dec 04)