> >From my point of view, a false positive is a false positive is a false
> >positive.  I just need to make sure that a message has to fail more than
> >the BADHEADERS test to get rejected.
>
> On the other hand, with this attitude, it will be impossible to stop
> viruses in the future.

I guess I'm a little unclear on why virus checking would have any overlap
with spam checking.

The problem is that it is not unusual for bulk E-mailers to send out broken E-mail. If you hold their hands and let them send it, it's going to be harder to stop viruses, because many new viruses are going to use recently discovered vulnerabilities that take advantage of broken headers to bypass virus scanning.

In my opinion, it's best to just deal with it now, and make the people who are sending the broken E-mail fix their problem. Then, you don't have to worry about blocking their E-mail in the future due to vulnerabilities.

> The problem is that detecting malformed E-mail is a very important part of
> the process in stopping spam and viruses, as many spamware programs use
> broken headers (or let the spammers create their own headers), and viruses
> will take advantage of known vulnerabilities.

I understand that it is an important part of the process for spam.  I don't
necessarily see what that has to do with viruses.  Are a lot of Virus
Protection Vendors checking broken e-mail headers to intercept spam?

No -- anti-virus programs don't need to detect spam.

What they do need to detect is broken headers that are used in vulnerabilities.

My question to you is this: Which of the following do you want to do when someone is sending broken E-mail:

[1] Not accept it (and minimize viruses that will occur in the future), or
[2] Only accept it if the broken headers do not create a known vulnerability, or
[3] Accept all E-mail with broken headers, knowing that viruses will be delivered unscanned in the future (regardless of the mailserver AV software you use)?

With Declude JunkMail (and probably any other anti-spam program that detects bad headers), you can choose #1 or #3, but not #2.

> Of course, the choice is completely up to you, and only you can know your
> unique situation well enough to determine whether or not to allow such
> E-mail through.

Specifically what type of e-mail are you talking about?

E-mail with broken headers (E-mail that fails the BADHEADERS test).

Is there any way to tell what about a particular message raises the
BADHEADERS flag?

You can take the code that Declude JunkMail creates (from the X-RBL-Warning: header or from the Declude JunkMail log file), and enter it into the "BADHEADERS Lookup" tool at http://www.declude.com/tools to find out what the problem is with the E-mail. Or, you can send the code and headers to us, and we will let you know what the problem is.

-Scott
