So yes. We've discussed blocking sobig at length today.
Now let's discuss the #2 threat to my email.
The unending barrage of MTA errors that sobig causes from spoofed From
addresses.
So far, I've gotten:
  23 from AOL's Mail Delivery Subsystem - for user unknown or mailbox
     full (70k a pop -- I can't believe I'm not getting more)
  3 in Czech(?) screaming "!!! POZOR !!!" because "ANTIVIRUS SYSTEM
     FOUND VIRUSES"
  1 from "Sender, InterScan has detected virus(es) in your e-mail
     attachment." - originating in Italy
And a bunch of other ones that aren't as colorful -- just to my
spamtrap address.
Does anyone have an idea of what to do?
It makes me think into the future -- it would be kinda nice if MTAs
kept a DB of outgoing mails -- keys are ids, values are recipients.
The DB would flush values 72hrs or older. When the MTA receives a
reject bounceback, it would check to see if it actually sent that
message. If so -- relay the error to the sender. If not, the message
is a virusspoof or joejob, and it can just /dev/null it. (Or is this
just a bad idea?)
In any event, anyone have ideas for today?
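
The outgoing-mail DB proposed above, sketched as an added example that is not part of the original post: it assumes the bounce attaches the returned message (or its headers) so the original Message-ID can be recovered. The names `OutboundLog`, `original_message_id`, `classify_bounce` and `sample_bounce` are hypothetical, and the sample bounce is constructed.

```python
import email
from email import policy

TTL = 72 * 3600  # seconds; the 72-hour window proposed in the post

class OutboundLog:
    """Message-ID -> (sent time, recipients) for mail this MTA really sent."""
    def __init__(self):
        self.sent = {}

    def record(self, msgid, recipients, now):
        self.sent[msgid] = (now, set(recipients))

    def lookup(self, msgid, now):
        # Flush entries that are 72 hours old or older, then look up.
        self.sent = {k: v for k, v in self.sent.items() if now - v[0] < TTL}
        return self.sent.get(msgid)

def original_message_id(bounce):
    """Return the Message-ID of the mail a bounce claims to return, or None."""
    msg = email.message_from_bytes(bounce, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # only its headers attached
            inner = email.message_from_string(part.get_content())
        else:
            continue
        mid = inner["Message-ID"]
        return str(mid).strip() if mid else None
    return None

def classify_bounce(log, bounce, now):
    """'relay' if the bounce is for mail we sent, else 'discard'."""
    mid = original_message_id(bounce)
    # No recoverable ID (many virus-scanner notices) is treated as not ours.
    return "relay" if mid and log.lookup(mid, now) else "discard"

def sample_bounce(msgid):
    """Constructed DSN-style bounce carrying the given original Message-ID."""
    return (
        'From: MAILER-DAEMON@mx.example.net\nTo: alice@example.org\n'
        'Subject: Returned mail\nMIME-Version: 1.0\n'
        'Content-Type: multipart/report; boundary="b1"\n\n'
        '--b1\nContent-Type: text/plain\n\nUser unknown\n\n'
        '--b1\nContent-Type: message/rfc822\n\n'
        f'Message-ID: {msgid}\nFrom: alice@example.org\n'
        'To: bob@example.net\nSubject: hi\n\nhello\n--b1--\n'
    ).encode()
```

Notices that carry no copy of the original message, like the free-text antivirus warnings listed above, cannot be matched this way and fall through to "discard" in this sketch.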