In message <[EMAIL PROTECTED]>, John Payne writes: > > >--On Wednesday, June 25, 2003 23:37 -0400 "Steven M. Bellovin" ><[EMAIL PROTECTED]> wrote: > >> And I've gotten bounces from mail allegedly from me. It's not L3's >> fault; this particular worm forges From: lines on its email. > >fault is debatable. Because forgeries are now so common, particularly in >worms, why would you send these notifications to anyone other than the >recipient? Let the human decide if the right thing to do is notify the >sender. > > Personally, I blame the anti-virus companies who market the software. They know which viruses forge From: lines; why should their "alert the poor infected fool" software send notes to folks whose addresses are being spoofed?
--Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book)