[Mailman-Users] Re: Sobig forces unsubscribes

John W. Baxter jwblist at olympus.net
Thu Sep 4 06:01:18 CEST 2003


On 9/2/2003 16:34, "Will Yardley" <william+mm at hq.newdream.net> wrote:

> However, I think it's a good
> overall policy to reject any message that's not delivered - with any
> sort of filter based on content, you're running a risk of rejecting
> legitimate messages, so it's important that the sender realize the
> message wasn't delivered.

It's arguably a decent overall policy, but it fails in the case of Sobig-F
which ordinarily forges the sender.  Bouncing Sobig amounts to an attack on
an innocent party...particularly if more than a smallish part of the
incoming message is included.

Other worms munge the envelope sender [SMTP MAIL FROM: command] (for example
by incrementing or decrementing the second character of the envelope sender
local part [Magistr, at least some of the Magistr versions] but leave the
From: "real"); others munge "From:" but leave the envelope sender real.

So unless you want to build a table of viruses and worms and the right way
to bounce or not bounce, and maintain it for new inventions, it's become
kinder not to bounce, but to drop on the floor.  Likewise, sending a notice
to postmaster at the.forged.domain doesn't accomplish anything either (those
messages get tossed unread).

"Reliable mail delivery" has suffered blows from both the Spammers and the
worm/virus crowd, and doesn't exist any more.

It will be nice to retire and give up all my email accounts.

  --John the Pessimist
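
The sender munging described in the message above and the drop-instead-of-bounce policy it argues for, as an added example that is not part of the original post or of Mailman. The function names, the `filter_hit` flag and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

def local_part(addr):
    """Return the lowercased local part of an address, or '' if unparseable."""
    _, email_addr = parseaddr(addr)
    local, sep, _domain = email_addr.rpartition("@")
    return local.lower() if sep else ""

def second_char_shifted(envelope_sender, from_header):
    """True when the two local parts differ only at the second character,
    and there by exactly one code point (the munging the post attributes
    to some Magistr versions)."""
    env, hdr = local_part(envelope_sender), local_part(from_header)
    if len(env) < 2 or len(env) != len(hdr):
        return False
    diffs = [i for i, (a, b) in enumerate(zip(env, hdr)) if a != b]
    return diffs == [1] and abs(ord(env[1]) - ord(hdr[1])) == 1

def disposition(envelope_sender, from_header, filter_hit):
    """Decide what to do with a message after content filtering.
    Returns (action, reason); action is 'deliver' or 'drop'. No branch
    generates a bounce, because neither sender field can be trusted
    once the filter has matched."""
    if not filter_hit:
        return ("deliver", "clean")
    if second_char_shifted(envelope_sender, from_header):
        return ("drop", "envelope sender munged; a bounce would reach a stranger")
    return ("drop", "filter hit; sender may be forged")

if __name__ == "__main__":
    # Constructed samples: (MAIL FROM, From: header, filter verdict)
    samples = [
        ("jbne@example.org", "Jane Doe <jane@example.org>", True),
        ("jane@example.org", "Jane Doe <jane@example.org>", True),
        ("jane@example.org", "Jane Doe <jane@example.org>", False),
    ]
    for env, hdr, hit in samples:
        print(env, "->", disposition(env, hdr, hit))
```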





