virus laden email from culprits like sobig should email virus scanning systems be configured to send notifications back to sender or >not?
Virus notification was great in times past. With forged addresses, now the double edged sword is pointed back at the victim system, since some of the notifications are sent to invalid domains or accounts the mail rests undeliverable in a mail queue awaiting to expire. My mail queue rose yesterday to over 100 undeliverable mails. All of these from sorbid notifications to illegal domains or accounts. I shutdown notifications ASAP, saving myself (and my systems) some processing time. The notification piece of most scanner engines need to be revamped by the software manufacturers and developers to keep up in the new trends in virii behavior (i.e. forged addresses). Someone posted that Amavis-new has this feature, and this is open source software, you imagine the commercial companies could have figured this one out by now since klez also used forged addresses. Gerardo D'Arcy J.M. Cain writes:
On Wednesday 20 August 2003 10:25, Joe Maimon wrote:
Considering the amount of email traffic generated by responding to forged virus laden email from culprits like sobig should email virus scanning systems be configured to send notifications back to sender or not?
Absolutely not. My spam filters are handling the original spam fine but I am getting tons of responses to email I didn't send in the first place. It's legitimate email from legitimate sources so the filters don't catch it but it is garbage nonetheless.
-- D'Arcy J.M. Cain <darcy@{druid|vex}.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
Gerardo A. Gregory Manager Network Administration and Security 402-970-1463 (Direct) 402-850-4008 (Cell) ------------------------------------------------ Affinitas - Latin for "Relationship" Helping Businesses Acquire, Retain, and Cultivate Customers Visit us at http://www.affinitas.net