Slashdot Mirror

gripdamage asks: "Why are email administrators still sending virus bounce messages, when everyone knows viruses forge the sender? This effectively doubles the amount of email traffic due to the virus (triples in the case that the recipient is also notified). As one of the links says 'any AV software or admins that have it mis-configured [so] that it is continuing to send out notices...to forged senders, deserve to be ridiculed.' I have received 4 times as many erroneous bounce notifications, because of MyDoom , than the actual virus, so the bounce messages are much more of a problem! This is a problem deserving publicity, so that email admins will be shamed into doing the right thing." The problem is that most bounces are automated responses, the simple thing would be to turn them off. Of course, the rational of the automated response is to hopefully notify the infected user of the problem -- what a catch-22! What kind of policy would you recommend when it comes to spam, e-mail and automated responders?

Everyone and their brother has something to say about the silly and incoherent ADTI paper released yesterday. It doesn't even seem worth the effort to me - it's so internally inconsistent that I can't imagine it convincing anyone of anything. Nevertheless, David Skoll of Roaring Penguin has a good rebuttal, and Newsforge ^? pointed out that the MITRE study that's been kicking around for so long is now public, and took a look at the differences between the two. Update: 06/11 18:43 GMT by M : Another rebuttal, by John Viega and Bob Fleck of Secure Software.