On Tuesday, June 04, 2002, Roelof Otten wrote...

ACM>> How often does a spammer send infected mail? Is it a good idea
ACM>> to automate the sending of notification messages to the
ACM>> originator?

> It's not a very good idea to send notifications to the 'presumed'
> originator. There are viruses that alter the sending address and
> there are viruses that take two addresses from your AB, one to send
> to and one to put in the from.

I agree... and with the recent Klez, it even 'spoofs' the addresses
from websites the user has visited, as well as the user's address book.

> Sending automatic notifications often results in bouncing messages
> and false alarms and the latter are harmful, you can cry wolf once
> too often.

True... but in some cases (like a Klez version), a Return-Path is set
(cannot work out if that was bad coding, or an accident yet), which is
the real sender of the virus. The mail scanning software we run sends
to the return-path if set, and only replies if I ask it to. I've only
had one bounce, and that is because the infected user no longer had an
account with the ISP that was in the return path, they'd just not
updated something yet.

-- 
Jonathan Angliss
([EMAIL PROTECTED])
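
The notification policy described in the message above (use the Return-Path if one is set, never the From header, and send only on operator request), as an added example that is not part of the original post and is not the code of the scanning software it mentions. The function name, the `operator_approved` flag and the sample messages are hypothetical and constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


def notification_target(raw_message, operator_approved=False):
    """Return the address to notify about an infected message, or None.

    Only the Return-Path header is considered. The From header is ignored
    because the virus may have filled it with an unrelated address.
    """
    if not operator_approved:
        return None  # nothing is sent unless the operator asks for it
    msg = message_from_string(raw_message)
    return_path = msg.get("Return-Path")
    if return_path is None:
        return None  # no Return-Path: do not fall back to From
    _, addr = parseaddr(return_path)
    if not addr or "@" not in addr:
        return None  # null reverse-path "<>" or an unparseable value
    return addr.lower()


def _sample(return_path):
    """Build a constructed infected-message header set for the demo."""
    headers = [
        "From: bystander@addressbook.example",  # forged sender
        "To: recipient@list.example",
        "Subject: constructed sample",
    ]
    if return_path is not None:
        headers.insert(0, "Return-Path: " + return_path)
    return "\n".join(headers) + "\n\nbody\n"


SPOOFED_FROM = _sample("<RealSender@isp.example>")
NO_RETURN_PATH = _sample(None)
NULL_RETURN_PATH = _sample("<>")

if __name__ == "__main__":
    for name in ("SPOOFED_FROM", "NO_RETURN_PATH", "NULL_RETURN_PATH"):
        print(name, "->", notification_target(globals()[name], True))
```
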


