Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: To send or not to send 'virus in email' notifications?

  • From: Eric A. Hall
  • Date: Wed Aug 20 14:52:22 2003


on 8/20/2003 9:25 AM Joe Maimon wrote:

> Considering the amount of email traffic generated by responding to 
> forged  virus laden email from culprits like sobig should email virus 
> scanning systems be configured to send notifications back to sender or not?

The least-harmful yet still-compliant mechanism is to reject the message
during the transfer stage, instead of during the delivery stage. If the
victim is sending their mail using an MTA that is built into the worm,
that should be the end of it. If the victim is sending the mail by way of
a real server (eg, a submission server or a smarthost), then the transfer
rejects will probaly still result in delivery failure notifications being
sent to the spoofed sender address.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.