At 20:36 9/02/03 +0100, you wrote:
Sorry, but how does a reverse DNS lookup prove the sender is who they say they are ? It does no such thing.On Sun, Feb 09, 2003 at 11:43:01AM -0500, Alan Brown wrote: > On Sun, 9 Feb 2003, Cliff Sarginson wrote: > > > I "solve" 2 by running antivir on the mail server. This quarantines mail > > containing viruses, sends a message to the intended recipient to say it > > has done so and a message to the sender, > ^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > So you're one of the bastards with malconfigured scanners mailbombing me > with virus warnings thanks to most worms using forged addresses. > No I am not. Since I don't in the whole history of my virus checker it has detected 2 emails with viruses in them. 2, yes 2. I don;t hang out in circles where many viruses get sent to me. Besides which I believe it does a reverse DNS lookup first to check that the sender is who he says he is. If I though I was causing a mailbomb I would stop it.
No, it sounds like you don't understand the problem, or how mail is sent.> Gee, thanks. What makes you think it's much different to any other form > of spam?It isn't Spam, in many cases it is accidental. I am not a bastard, and I suggest you cntrol your language and name-calling on a mailing list when you are not in possession of the facts. I happen to now what I am doing. You might ask yourself why is *someone* forging *your* email address ? It sounds to me like any misconfiguration is on your side.
When most viruses send themselves, they *forge* the envelope sender address. This is trivially easy for them to do, as the SMTP protocol does not (and can not) verify the sender is who they say they are.
Usually viruses pick an email address at random from the Outlook Express address book or Internet Explorer cache, and use that for the envelope sender address.
Any virus scanner which replies to the "sender" will reply to this forged address who is, in most cases, an innocent bystander, and *NOT* the person whose computer sent the virus.
It only takes one computer somewhere on the internet spewing out viruses with an innocent bystanders email address as the return address to completely swamp the innocent party with virus reports telling them they have a virus....
Believe me, it happens, I've seen the results...
Regards,
Simon
