[Dshield] e-mail ettiquette
lists at webcrunchers.com
Thu Aug 21 00:52:19 GMT 2003
>On Wed, 2003-08-20 at 11:23, Johannes B. Ullrich wrote:
>> Just a quick note:
>> Please make sure that your virus filter is NOT
>> sending notifications to the sender of the virus. Sobig, and most recent
>> viruses, spoof the sender. As a result, innocent people (like myself)
>> are flooded with notifications.
>The sanitizer makes a minimal attempt to be "smart" about sender
>notifications: they are only sent if the Received: header chain seems to
>support the sender's domain.
>For example, if a worm forged a from address of jhardin at impsec.org, and
>none of the Received: headers indicated an impsec.org relay, then the
>sender notification would be suppressed.
This is NOT a good idea, because most receiver headers are going to have
reverse DNS strings, and would normally just be an IP address....
More information about the list