--On 24 February 2010 08:52:39 -0600 Steven Stern
<subscribed-li...@sterndata.com> wrote:
Checking outgoing mail is pointless. Why bother?
If I were mailing malware, I'd be sure to mark that it had been scanned,
approved, and was safe to open.
That has no bearing on whether it's useful for me to scan mail emitted from
my network. Sure, there's no point *marking* my outbound mail as scanned or
not, because (as you imply) the recipient cannot trust that the markup is
true. And, there's no standard way of marking mail as scanned, so it's
vanishingly unlikely to help.
We scan outbound mail, but we don't mark it up.
It's necessary because a single compromised machine can emit thousands of
emails an hour, and that surely would be likely to impact the reputation of
my IP range. Furthermore, as the world cracks down on email submitted
through third parties, and it is becoming easier to deploy domain
reputation services, such bad behaviour would begin to impact on my domain
as well as my network.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
