> In any case - it's much easier for an end user to see the Reverse DNS > domain > name than to see an IP address and then have to try to figure out who that > IP address is associated with so that they can send an email to the abuse > department (in the occasional case, that someone is bombarded by an > infected > computer).
I am sure the admin responsible for the mail server that is receiving the postmaster messages would be in a much better position to detect and react to bombardments, such as blocking the IP or contacting the appropriate entity if advisable. On my server, the only action I take on a forging virus is if an IP has sent more than 5 messages in 24 hours, it gets banned (Imail SMTP Control access) for 30 days. (If the user/ISP/Whoever cares enough to contact to find out why, they will be notified why.) Repeat offence is banned for 60 days. Third offence is permanent. In any case, if the virus is forging, attempts to contact the sender by the user is work at best, and the only reliable piece of information would be the remote IP or REVDNS, which again in most cases the REVDNS would require further searching and tracking down to find out the actual user at the time of the message being sent. But if you feel it best to give the user that kind of information, more power to you. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
