Sure will. Sorry about that. This is my sender.eml file as exists in the Delude directory in the IMail folder. Feel free to plagiarize.
-----START sender.eml----- From: [EMAIL PROTECTED] To: %MAILFROM%, abuse@%SENDERHOST% Subject: WARNING: VIRUS FOUND by the WHTVCable e-mail virus detection system. This is an automated response by the WHTVCable e-mail Virus detection system. http://www.whtvcable.com It reports that %MAILFROM% sent a virus with the subject "%SUBJECT%" to: %ALLRECIPS%. The E-mail containing the virus %VIRUSNAME% within the file %VIRUSFILE% has been quarantined on our mail server to prevent further spread of the virus. Our virus detection system only removes viruses from email, it's likely that the originating computer system is still infected and should be cleaned immediately. For your convenience, you can find specific virus removal programs at http://www.symantec.com/avcenter/tools.list.html For additional information on virus programs please visit one of the following web sites: http://www.symantec.com or http://www.mcafee.com Because of the nature of some viruses that change the reply-to address to make this notification unsendable to the original recipient, this message has also been sent to abuse@%SENDERHOST%. Original Header information is as follows: %HEADERS% -----END sender.eml----- It tries to send a message to both the original sender, and also to the abuse@ of their domain. Fortunately, RFC says that abuse@ should exist for every domain. We've gotten some really interest responses from domain administrators. And it has also given me great opportunity to inform some domain admins that they don't have the abuse@ account. IMPORTANT: Most abuse accounts want the original header information, so I just included it at the bottom of the message. A user getting it back doesn't really care about it, and the domain admin will then already have what they need to track down the offending person. If you'd like to check your domain for proper set-up, Declude has links to some great tools. In the event that I get a bounced abuse@ message, I manually track down a valid contact and forward them the bounced abuse message with the following. Again, feel free to plagiarize. I normally change the PUTYOURDOMAINNAMEHERE for them so all they have to do is click the link: -----No Abuse Message Start----- Your domain name has no abuse@ account. Mail servers are expected by RFC2142 to accept mail to abuse. Please refer to the following link to better understand the correct configuration of your domain. http://www.dnsstuff.com/tools/dnsreport.ch?domain=PUTYOURDOMAINNAMEHERE You are likely receiving this message because our automated email virus scanning system attempted to notify your abuse account of a virus originating in your domain name. Further details about that should be below. Thanks -----No Abuse Message End----- Happy notifying. Trent ----------- Trent M. Davenport - Systems Administrator Northern Television Systems Ltd - WHTV 203-4103 4th Avenue, Whitehorse, YT Y1A 1H6 (867) 393-2225 X204, (867) 393-2224 FAX www.whtvcable.com <http://www.whtvcable.com> ( [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steven Copeland Sent: February 26, 2002 9:00 AM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] OT - Is there any validity to this Trent, how did you change Declude to do this? Mind sharing with the rest of the group? Steven > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Trent M. > Davenport > Sent: Tuesday, February 26, 2002 10:39 AM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] OT - Is there any validity to this > > > When it comes to viruses that search through actual emails, cookies and of > all places your browser cache, in addition to your address book to find > email addresses, if in fact it happens to pick that particular message out > of the thousand it likely finds on your machine, it would only act as a > warning. > > With a lot of viruses now having their own SMTP servers built in, the only > alert you may get is the returned email message. That is unless the virus > changes your reply-to address like the Magistr.32768 virus does. > > We had to set up our Declude to notify abuse@originatingdomain as well as > the user, because the Magistr.32768 virus changes the reply-to and the > original user never receives the notification that they either > had tried to > send to a bad address, or that they were infected with a virus. > > Trent > ----------- > Trent M. Davenport - Systems Administrator > Northern Television Systems Ltd - WHTV > 203-4103 4th Avenue, Whitehorse, YT Y1A 1H6 > (867) 393-2225 X204, (867) 393-2224 FAX > www.whtvcable.com <http://www.whtvcable.com> ( > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ) > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Alan Shepro > Sent: February 26, 2002 6:16 AM > To: Imail Forum > Subject: [IMail Forum] OT - Is there any validity to this > > > I received this email the other day and was wondering if there is any > validity to this. The concept seems plausable but I want some second > opinions. > > Thanks, > Alan > > --------------- > I Learned a computer trick today that's really ingenious in its > simplicity. > > As you may know, when/if a worm virus gets into your computer it heads > straight for your email address book and sends itself to everyone > in there, > thus infecting all your friends and associates. This trick won't keep the > virus from getting into your computer, but it will stop it from using your > address book to spread further, and it will alert you to the fact that the > worm has gotten into your system. > > Here's what you do: first, open your address book and click on > "new contact" > just as you would do if you were adding a new friend to your list of email > addresses. > > In the window where you would type your friend's first name, type in !000 > (that's an exclamation mark followed by 3 zeros). > > In the window below where it prompts you to enter the new email address, > type in "WormAlert." Then complete everything by clicking add, > enter, okay, > etc. > > Now, here's what you've done and why it works: the "name" !000 will be > placed at the top of your address book as entry #1. This will be where the > worm will start in an effort to send itself to all your friends. But when > it tries to send itself to !000, it will be undeliverable because of the > phony email address you entered (WormAlert). If the first > attempt fails (which it will because of the phony address), the > worm goes no > further and your friends will not be infected. > > Here's the second great advantage of this method: if an email cannot be > delivered, you will be notified of this in your In Box almost immediately. > Hence, if you ever get an email telling you that an email addressed to > WormAlert could > not be delivered, you know right away that you have the worm virus in your > system. You can then take steps to get rid of it! Pretty slick huh? > > If everybody you know does this then you needn't ever worry about opening > mail from friends. Pass this on to all your friends that don't > appear on the > list I sent to in this mailing (Mutual friends) I suspect they will > eventually find > a way around this too. > > > Please visit http://www.ipswitch.com/support/mailing-lists.html > to be removed from this list. > > An Archive of this list is available at: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > Please visit http://www.ipswitch.com/support/mailing-lists.html > to be removed from this list. > > An Archive of this list is available at: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
