on 8/20/2003 9:25 AM Joe Maimon wrote:
Considering the amount of email traffic generated by responding to forged, virus-laden email from culprits like sobig, should email virus scanning systems be configured to send notifications back to sender or not?
The least-harmful yet still-compliant mechanism is to reject the message during the transfer stage, instead of during the delivery stage. If the victim is sending their mail using an MTA that is built into the worm, that should be the end of it. If the victim is sending the mail by way of a real server (e.g., a submission server or a smarthost), then the transfer rejects will probably still result in delivery failure notifications being sent to the spoofed sender address.

--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
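The difference between rejecting at the transfer stage and failing at the delivery stage, as an added example that is not part of the original thread: a toy, offline model of an SMTP receiver with no sockets. The names `TEST_MARKER`, `scan`, `receive` and `SESSION`, the addresses, and the reply texts are assumptions made for this illustration.

```python
# Added illustration: toy model of one SMTP transaction, run entirely in memory.
TEST_MARKER = "X-CONSTRUCTED-TEST-VIRUS"  # constructed stand-in for a scanner hit


def scan(body: str) -> bool:
    """Return True when the constructed marker appears in the message body."""
    return TEST_MARKER in body


def receive(lines, policy):
    """Process the client's command lines for one message.

    policy="reject": scan before answering end-of-DATA and refuse with 554.
    policy="bounce": accept with 250, scan at delivery, then mail a notification.
    Returns (replies sent to the client, addresses this server sends a DSN to).
    """
    replies, dsn_recipients = [], []
    sender, body, in_data = None, [], False
    for line in lines:
        if in_data:
            if line != ".":
                body.append(line)
                continue
            in_data = False
            infected = scan("\n".join(body))
            if infected and policy == "reject":
                # Transfer-stage refusal: the connecting client owns the failure.
                replies.append("554 5.7.1 Message rejected: virus detected")
            else:
                replies.append("250 2.0.0 Queued")
                if infected:
                    # Delivery-stage failure: the notification goes to the
                    # envelope sender, which the worm has forged.
                    dsn_recipients.append(sender)
        elif line.upper().startswith("MAIL FROM:"):
            sender = line[10:].strip().strip("<>")
            replies.append("250 2.1.0 OK")
        elif line.upper().startswith("RCPT TO:"):
            replies.append("250 2.1.5 OK")
        elif line.upper() == "DATA":
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
    return replies, dsn_recipients


# Constructed session: the forged envelope sender is an uninvolved third party.
SESSION = ["MAIL FROM:<bystander@example.org>", "RCPT TO:<user@example.net>",
           "DATA", "Subject: Re: Details", "", TEST_MARKER, "."]
```

With the reject policy this receiver sends no mail of its own; whether the forged sender still gets a failure notice then depends on whether the connecting client is a real relay, as the reply above describes.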