[60942] in North American Network Operators' Group
RE: To send or not to send 'virus in email' notifications?
daemon@ATHENA.MIT.EDU (Tomas Daniska)
Wed Aug 20 10:54:28 2003
Date: Wed, 20 Aug 2003 16:51:02 +0200
From: "Tomas Daniska" <tomas@tronet.com>
To: "Matthew Kaufman" <matthew@eeph.com>,
"Joe Maimon" <jmaimon@ttec.com>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
maybe the AV vendors could supply a 'to mail or not to mail' flag within
their databases, based on character of the virus...
any of them lurking here? :)
--
deejay
> -----Original Message-----
> From: Matthew Kaufman [mailto:matthew@eeph.com]
> Sent: 20. augusta 2003 16:41
> To: 'Joe Maimon'; nanog@merit.edu
> Subject: RE: To send or not to send 'virus in email' notifications?
>
> Absolutely not.
>
> SoBig.F, like many others, forges the sender address. That means that your
> notifications:
> 1) Don't make it back to the person with the infection
> 2) Simply add more clutter to the mailbox of the person whose address was
> used (in addition to all the bounce messages)
>
> In the enterprise, this is a great argument for scanning outbound email with
> positive identification of whose outbound mail you're scanning.
>
> Matthew Kaufman
> matthew@eeph.com
>
> > -----Original Message-----
> > From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Joe Maimon
> > Sent: Wednesday, August 20, 2003 7:25 AM
> > To: nanog@merit.edu
> > Subject: To send or not to send 'virus in email' notifications?
> >
> > Considering the amount of email traffic generated by responding to
> > forged virus laden email from culprits like sobig should email virus
> > scanning systems be configured to send notifications back to
> > sender or not?
> >
>