[60940] in North American Network Operators' Group
RE: To send or not to send 'virus in email' notifications?
daemon@ATHENA.MIT.EDU (Matthew Kaufman)
Wed Aug 20 10:47:48 2003
From: "Matthew Kaufman" <matthew@eeph.com>
To: "'Joe Maimon'" <jmaimon@ttec.com>, <nanog@merit.edu>
Date: Wed, 20 Aug 2003 07:41:16 -0700
In-Reply-To: <3F4384D8.7060400@ttec.com>
Errors-To: owner-nanog-outgoing@merit.edu
Absolutely not.
SoBig.F, like many others, forges the sender address. That means that =
your
notifications:
1) Don't make it back to the person with the infection
2) Simply add more clutter to the mailbox of the person whose address =
was
used (in addition to all the bounce messages)
In the enterprise, this is a great argument for scanning outbound email =
with
positive identification of whose outbound mail you're scanning.
Matthew Kaufman
matthew@eeph.com=20
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On=20
> Behalf Of Joe Maimon
> Sent: Wednesday, August 20, 2003 7:25 AM
> To: nanog@merit.edu
> Subject: To send or not to send 'virus in email' notifications?
>=20
>=20
>=20
> Considering the amount of email traffic generated by responding to=20
> forged virus laden email from culprits like sobig should email virus=20
> scanning systems be configured to send notifications back to=20
> sender or not?
>=20
>=20
>=20
>=20
