In any case - it's much easier for an end user to see the Reverse DNS domain name than to see an IP address and then have to try to figure out who that IP address is associated with so that they can send an email to the abuse department (in the occasional case that someone is bombarded by an infected computer).

Best Regards
Andy Schmidt

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Saturday, December 27, 2003 02:27 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Request

> < that will serve no use, as most viruses come directly from users'
> computers, which either will have no PTR or a generic ISP PTR,
> something like 1.1.168.192.adsl-customer.mybig.isp.com.>
>
> That may be true in some cases.

It is more than some cases. I would have to say most cases.

> but in my particular situation, i had some problems with my users by
> giving only the IP address of the remote smtp server (for forging
> viruses) they were more receptive when i do a dns lookup and give them
> a host name.

What, your users want to track the sender down? I can tell you very easily that most forging viruses come straight from the infected computer, not through a relay.

Here is the message I use:

________________________________________________________________________
SKIPIFVIRUSNAMEHAS Vulnerability
SKIPIFVIRUSNAMEHAS Sobig
ONLYSENDIFREMOTESENDER
From: [EMAIL PROTECTED]
To: %ALLRECIPS%
Subject: NOTICE: WE BLOCKED A VIRUS SENT TO YOU!

The Virus scanning software on %LOCALHOST% has reported that you were sent an e-mail from %MAILFROM%, containing the %VIRUSNAME% virus in the %VIRUSFILE% attachment.

The subject of the E-mail was "%SUBJECT%".

The E-mail containing the virus has been quarantined to prevent further damage, and will be deleted automatically after 5 days.

PLEASE NOTE! If the e-mail from says [Forged], this means the virus is known to forge the sending e-mail address and is therefore useless information.
-----------------------------------------------------------------------

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
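
Added example, not part of the original thread and not Declude code: a sketch of the check both posters are circling, which resolves the sending IP's PTR and flags names that merely encode the address (the "generic ISP PTR" case) so a notification can say which kind of name it is showing. All function names are hypothetical, and the test hostnames other than the one quoted in the thread are constructed.

```python
import ipaddress
import re
import socket


def ptr_query_name(ip):
    """DNS name queried for the PTR record of an address."""
    return ipaddress.ip_address(ip).reverse_pointer


def lookup_ptr(ip):
    """Live reverse lookup; returns None when the address has no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def is_generic_ptr(ip, hostname):
    """True when the hostname just embeds the IPv4 octets, in order or
    reversed, as ISP address-pool names usually do. Hex-encoded pool
    names are not detected by this simple check."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    # Every run of digits in the hostname, normalised (007 -> 7).
    nums = [str(int(n)) for n in re.findall(r"\d+", hostname)]

    def contains(seq):
        return any(nums[i:i + 4] == seq for i in range(len(nums) - 3))

    return contains(octets) or contains(octets[::-1])


def describe_sender(ip, ptr):
    """Text for a notification: always keep the IP, label the name."""
    if not ptr:
        return f"[{ip}] (no PTR record)"
    host = ptr.rstrip(".").lower()
    if is_generic_ptr(ip, host):
        return f"{host} [{ip}] (generic ISP pool name)"
    return f"{host} [{ip}]"


if __name__ == "__main__":
    # Hostname quoted in the thread, paired with the address it encodes.
    print(ptr_query_name("192.168.1.1"))
    print(describe_sender("192.168.1.1",
                          "1.1.168.192.adsl-customer.mybig.isp.com"))
```

A PTR is set by whoever controls the address block, so the name is only a hint until a forward lookup of that name returns the same IP.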