----- Original Message -----
From: "Cliff Sarginson" <[EMAIL PROTECTED]>
To: "Subscribers of Qpopper" <[EMAIL PROTECTED]>
Sent: Tuesday, February 11, 2003 9:10 PM
Subject: Re: Relaying Denied
> The only thing I would add is that the discussion has shown a lot
> of people cannot differentiate between spam mail and virus-infections.
> They seem to have them all jumbled up in their minds as the same
> thing.
No, they have not. :) What they have argued, though -- and successfully so,
as far as I'm concerned -- is that when it comes to contacting the "sender"
of either a spam or a virus-infected email, there is indeed no difference
with regard to the ability, or rather: inability, to determine who the real
sender is.
The inability to determine the real sender extends to SMTP AUTH even, which
does essentially no more than telling you that the sender was authorized to
relay. Since headers, in the SMTP protocol, are part of the DATA stream,
they can be easily faked; or rather, as any other data, they can pretty much
be what you want them to be, save you adhere to their prescribed format.
A mail "wrapper" (such as Sendmail), can, at best, make some marginal checks
on the headers, as to whether sender's hostname resolves, etc. But even that
feature should not be mistaken for authorization; it is, at best, a failsafe
against typos.
So as to make a small contribution to this discussion as well, I have only
two more points to make; for your consideration...
Spam is unsolicited email. Spam is more than just unsolicited email, but is,
by its very definition, always unsolicited. Hence, it must follow that the
remedy to unsolicited email can never, itself, be unsolicited email.
A virus-infected email is, by its very definition, "ill"; that is, even if
you could before (which you cannot, see above), after you made the
determination that an email is infected, you should not trust any part of
that email to contain valid information; the fact that it contains a virus
is proof, in itself, that is has been tampered with. Either a bonafide email
was intercepted, and changed along the way, or it originated as a complete
fake to begin with. Whatever the cause, though, you can no longer trust it;
and especially not for information you cannot even trust when dealing with a
non-infected email: the real sender.
Bottom line: do not send autogenerated replies to the "sender" of either
spam or virus-infected email.
N.B. Do, for instance, what I do. I send out a monthly virus-report to my
users; it tells them who tried to send them a virus-infected email, and who
they, themselves, tried to send one to. Should they recognize certain people
on the list that they feel comfortable enough contacting about it, then I
leave such determination up to them.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
