On 16 October 2002, Sheldon Hearn said:
> However, my boss would like the intended recipient of any message that
> is bounced because of prohibited content to receive a message notifying
> her of the rejection. This is in addition to the bounce message sent to
> the sender, with which we're satisfied.
[Sheldon, I've been hanging out on this list long enough to know that you
have a clue, so don't take this personally.]
PLEASE don't do this! Generating mail in response to viruses is bad; it
violates a nascent principle that I think I will call the Principle of
Minimum Junk Mail: take no action that would increase the total amount
of junk mail on the Internet.
In particular, if your server receives a virus for target@???,
allegedly from user@???, there are a variety of possible
responses:
* Reject it at SMTP time -- the ideal solution; it makes the virus
somebody else's responsibility. If all mail servers did this,
there wouldn't be an email virus problem.
* Drop it on the floor. Not good -- false positives are always
possible.
* Save it somewhere for periodic manual review. Royal pain in
the neck with viruses, because there are so damn many of them.
* Send a "You sent us a virus!" message to user@???. Big
fat waste of time and resources for everyone, because more than
likely the virus just forged user@???, and his PC isn't
the infected one. This violates the Principle of Minimum Junk
Mail.
* Send a "We intercepted a virus for you!" message to
target@???. This, IMHO, is the dumbest response
of all: you've just substituted one junk email for another.
Unless your users actually use Outhouse and are vulnerable to
viruses, then why bother to block the virus in the first place?
Even worse is to assume that the address in the "To" header
is the recipient of the virus. Here's what happens:
- virus sends message to a mailing list, say foo-list@???
(with "To: foo-list@???")
- some.domain doesn't detect the virus, and sends it on to
all foo-list subscribers
- target@??? happens to be one of those subscribers.
A stupid virus detector will then decide, "Oh! I'd better
block this virus and tell the recipient what a wonderful
deed I have done!". A *really* stupid virus detector will
conclude that the recipient is foo-list@???, and
the whole list will get a *second* piece of junk mail.
ARrgghh!
--
Greg Ward <gward@???> http://www.gerg.ca/
I just read that 50% of the population has below median IQ!