It does not matter how the virus sends the mail, all at once in the to field, individually, reverse order, random blah blah, none of it matters.. Having a bogus address in your address book will not stop any of them.
Your mail client never connects to the intended receipients mail server. Your mail client does not get put into a "hold" status waiting to verify that an email was successfully sent to the intended reciepient. When sending mail, your client (Pine, elm, Outlook, Eudora etc) connects to your SMTP server and drops the mail, the server sends an acknowledgement to your client that yes, I did get your outgoing mail, disconnects you and forwards it on, your client has now returned to operation fully ready to send more. The only indication you will ever get about a bad email address is from the final reciepients mail server if the user did not exist, or from your mail server stating the domain could not be found (there are others but beyond the scope). Either way, your mail client knows nothing of this (other then you getting a new mail) and can still be happily sending out hundreds more. In simpler terms... Compose a mail to [EMAIL PROTECTED], send it then create one to your friend. Did Outlook, Pine, Elm etc.. stop or prevent the mail from getting to your friend because the fake_address did not get through? No, all you got was a new email from [EMAIL PROTECTED] saying your mail to fake_address was undeliverable.. Same thing with the virus accessing your address book. You may get a bounce back but the others got through fine... On 19 Nov 2002 at 13:11, Jim wrote: > This ruse has been touted for quite some time,sometimes they just tell > you to put your address at top so you will have a warning.Upshot is it > precludes; does the worm/virus only sent one e-mail at a time,does it > start secquencially from first to last? (must make sure the black hats > follow the rules)It's very similar to one of those dice-o-matics sold on > TV..looks great till you buy it. :-)