Why Do Email Admins Make Viruses Worse?

gripdamage asks: "Why are email administrators still sending virus bounce messages, when everyone knows viruses forge the sender? This effectively doubles the amount of email traffic due to the virus (triples in the case that the recipient is also notified). As one of the links says 'any AV software or admins that have it mis-configured [so] that it is continuing to send out notices...to forged senders, deserve to be ridiculed.' I have received 4 times as many erroneous bounce notifications, because of MyDoom , than the actual virus, so the bounce messages are much more of a problem! This is a problem deserving publicity, so that email admins will be shamed into doing the right thing." The problem is that most bounces are automated responses, the simple thing would be to turn them off. Of course, the rational of the automated response is to hopefully notify the infected user of the problem -- what a catch-22! What kind of policy would you recommend when it comes to spam, e-mail and automated responders?

It's not accidental, it's spam

[menscher]

The companies that are doing this know very well that the viruses forge the From: header. If they wanted to warn senders, it would be trivial to put in a check of whether this virus, which they can identify, has the "forges-the-From:-header" bit set, and not respond to those.

But this doesn't serve their purposes. Their goal, in the event of a virus outbreak, is to advertise. When people are getting viruses, they start looking for AV software, and that's the perfect advertising opportunity.

I always write back to the postmaster@domain to complain that their software is advertising, and I include a Cc: to the AV vendor, so they can see the negative publicity that results. It might help if everyone else did the same....

It's an advertisement

[Mr.+Darl+McBride]

Have you ever seen a bounce message that didn't plaster the software's name all over it multiple times?

It's an advertisement, pure and simple. It's entirely to the software manufacturer's benefit to take the opportunity to advertise to third parties with you as the middleman.

And it works. I've had grey haired suits forward bounce messages to me to ask about the other products, asking whether we might want that instead of or in addition to the package I'd already put in place for them.

Re:bounces are good

[dabuk]

He's not saying not stop all bounces. That would as you say be unhelpful. Instead he's saying why does a virus detection program, that knows a virus forges the from address, send a message to the the "sender" when they never sent the original message.

I don't administer any of these programs, but I imagine they all do have the ability not to send these messages, but someone's got to change the settings.

It's a subtle form of spam..

[zcat_NZ]

and should be recognised as such.

AV vendors know damn well that 99% of viruses spoof addresses. More than anyone else, since studying viruses and figuring out what they do is their JOB!!

The only possible excuse for this behaviour is that they get FREE ADVERTISING out of it. It's spam advertising AV software and/or mail filters, plain and simple. It should be treated the same way as any other spam.

Re:Bounce the headers

[David+Byers]

I've yet to see a single useful bounce generated by an AV scanner, because they insist on sending the bounce to the forged sender.

People using AV scanners need to hook them up to their SMTP servers so the SMTP server can reject the message as it is being sent. That way innocent people won't see a deluge of misdirected bounce messages.

Bouncing viruses

[HTH+NE1]

Are we certain that they are bounces and not just viruses pretending to be bounces? The pattern of the messages I've received suggest to me that the viruses are trying to conceal themselves (poorly) as bounce messages.