Case in point, Doug. Current versions of Sober.U are sending mail from:
?@c-24-19-xx-xx.hsd1.wa.comcast.net (xx's to hide the actual host).

On Dec 9, 2005, at 10:15 AM, Todd Vierling wrote:
> 1. Virus "warnings" to forged addresses are UBE, by definition.

This definition would be making at least two of the following

1) Malware detection has a 0% false positive.
2) Lack of DSN for email falsely detected containing malware is okay.
3) Purported malware should be assumed to use a forged return-path.
4) The return-path can be validated prior to accepting a message.
5) SMTP should appear to be point-to-point.
6) MTAs with AV filters are the only problem.