Slashdot Mirror


Why Do Email Admins Make Viruses Worse?

gripdamage asks: "Why are email administrators still sending virus bounce messages, when everyone knows viruses forge the sender? This effectively doubles the amount of email traffic due to the virus (triples in the case that the recipient is also notified). As one of the links says 'any AV software or admins that have it mis-configured [so] that it is continuing to send out notices...to forged senders, deserve to be ridiculed.' I have received 4 times as many erroneous bounce notifications, because of MyDoom, than the actual virus, so the bounce messages are much more of a problem! This is a problem deserving publicity, so that email admins will be shamed into doing the right thing." The problem is that most bounces are automated responses; the simple thing would be to turn them off. Of course, the rationale of the automated response is to hopefully notify the infected user of the problem -- what a catch-22! What kind of policy would you recommend when it comes to spam, e-mail and automated responders?


  1. Bounce the headers by aridhol · · Score: 3, Insightful

    Bounce the headers of the message, and possibly some text. Do not bounce any attachments. If the "sender" is real, they will know their own message by that; if it is fake, bandwidth is not overused.

    --
    I can't say that I don't give a fuck. I've just run out of fuck to give.
    1. Re:Bounce the headers by David+Byers · · Score: 4, Insightful

      I've yet to see a single useful bounce generated by an AV scanner, because they insist on sending the bounce to the forged sender.

      People using AV scanners need to hook them up to their SMTP servers so the SMTP server can reject the message as it is being sent. That way innocent people won't see a deluge of misdirected bounce messages.

  2. The simplest rule I would enforce. by Anonymous Coward · · Score: 3, Insightful

    If you are the admin of a mailserver, NEVER BOUNCE OR REPLY BASED ON ANYTHING EXCEPT THE INFORMATION IN THE ENVELOPE HEADER.

    I am fucking tired of seeing mail bounced to my server and email address, just because my email address (or domain) was in the From: portion of the message. They should be smart enough to take a look at the envelope portion of the header and see there is a difference.

    Also, stop notifying senders that "you may have a virus". At all. If you want to do this for your own users, that's fine - but stop sending this shit to people outside of your domain!

    And third... GAH... Where to begin. I give up.
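The two comments above (reject during the SMTP session; act only on the envelope) can be combined into one policy. The sketch below is an added example, not code from any commenter or mail server; `LOCAL_DOMAINS`, the extension-based `looks_infected` check (a stand-in for a real AV verdict), the function names and all addresses are assumptions made for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

LOCAL_DOMAINS = {"example.org"}            # assumption: domains hosted here
BLOCKED_EXT = (".exe", ".pif", ".scr")     # stand-in for a real AV verdict

def looks_infected(raw: bytes) -> bool:
    """Placeholder scanner: flag attachments with executable-style names."""
    msg = message_from_bytes(raw)
    return any((p.get_filename() or "").lower().endswith(BLOCKED_EXT)
               for p in msg.walk())

def end_of_data(envelope_from: str, authenticated: bool, raw: bytes):
    """Reply to give at end of DATA, while the sending host is still connected.
    Returns (smtp_reply, addresses_to_notify)."""
    if not looks_infected(raw):
        return "250 2.0.0 OK: queued", []
    notify = []
    domain = envelope_from.rpartition("@")[2].lower()
    # Warn only our own authenticated users; outsiders get nothing by mail.
    if authenticated and domain in LOCAL_DOMAINS:
        notify.append(envelope_from)
    # Rejecting in-session means this server never generates a bounce, and
    # the From: header inside `raw` is never consulted.
    return "550 5.7.1 Message rejected: malicious content", notify

def dsn_recipient(envelope_from: str):
    """Where an ordinary (non-virus) bounce goes: the envelope sender only.
    A null reverse-path (MAIL FROM:<>) must never be bounced to."""
    return envelope_from or None

def sample_mail(filename: str = "document.pif") -> bytes:
    """Constructed sample: forged From: header plus one attachment."""
    m = EmailMessage()
    m["From"] = "bystander@innocent.example"   # forged header address
    m["To"] = "user@example.org"
    m["Subject"] = "test"
    m.set_content("see attachment")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(end_of_data("forged@other.example", False, sample_mail()))
```

With the rejection issued at end of DATA, the address in the forged `From:` header receives nothing, and the only party told about the failure is the host that tried to deliver the message.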

  3. It's a subtle form of spam.. by zcat_NZ · · Score: 4, Insightful

    and should be recognised as such.

    AV vendors know damn well that 99% of viruses spoof addresses. More than anyone else, since studying viruses and figuring out what they do is their JOB!!

    The only possible excuse for this behaviour is that they get FREE ADVERTISING out of it. It's spam advertising AV software and/or mail filters, plain and simple. It should be treated the same way as any other spam.

    --
    455fe10422ca29c4933f95052b792ab2