I did include that tidbit in the "I apoligize about the mistake, your a casualty for the greater good" email response I sent to the complaining postmaster. I tried to convince him that I was doing him a favor by letting him know that his email addresses were being used by spammers. :-)
The only bad portion of the whole thing is that Declude hides the headers of the original email "due to potentially dangerous content" - which I fully understand - but it doesn't give him the tools for him to track this down without my manual intervention. - Tony > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff > Sent: Friday, March 08, 2002 12:36 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] Identifying the right postmaster to send > virus notifications to > > > Here is another interesting though after reading Scott's reply: > > That postmaster that is receiving those messages should maybe follow up > and complain to the originating ISP about that, not to you. > > John Tolmachoff > IT Manager > Network Engineer > 211 E. Imperial Hwy., Suite 106 > Fullerton, CA� 92835 > 714-578-7999, ext. 104 > [EMAIL PROTECTED] > www.reliancesoft.com > � > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry > Sent: Friday, March 08, 2002 8:11 AM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.Virus] Identifying the right postmaster to send > virus notifications to > > > >Below are the headers of a message that got caught by the CR > vulnerability > >test in Declude Virus. I got an email from the > >[EMAIL PROTECTED] bitching me out because I was an idiot, > as an > >admin I should know how to read headers, and that the headers clearly > >indicate that this email had nothing to do with @mypersonalemail.com, > and > >that my bounce messages getting sent to him are just as bad as the spam > they > >are generated from. From what I can tell, he's really right (except > about > >the idiot part. :-)). > > The remote postmaster bounce messages by default go to the postmaster at > > the domain that was used to send the message, which is often NOT shown > in > the headers. That's the "return address"; the same address that bounce > messages will go to. > > >X-Intouch-Note: Sender:[[EMAIL PROTECTED]] > > In this case, the spammer used an address at mypersonalemail.com for > bounce > messages to go to, so that is the address that Declude sent > to. Unfortunately, spammers often forge addresses that they use. This > can > cause collateral damage to the postmasters at those domains (who people > will send spam complaints to), as well as notifications such as these. > > >How can we handle this? We don't want to disable notifications > altogether > >(and I think that's our only option in D.Virus, on or off). Most (if > not > >all) of the CR catches are SPAM. Can notifications for ALL other tests > that > >Declude Virus does be seperated from the 'generic' virus notification, > much > >like the bannotify.eml does? > > That is something that we are planning to add. In the meantime, it is > possible to turn off the Outlook CR Vulnerability test (with a line > "BANCRVIRUSES OFF" in the virus.cfg file). > -Scott > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". You can E-mail > [EMAIL PROTECTED] for assistance. You can visit our web > site at http://www.declude.com . > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by http://www.intouchmi.com] --- [This E-mail was scanned for viruses by http://www.intouchmi.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
