We don't send sender notifications. It is bad Netiquette in the current Trojan environment. It is bad for email lists, it is bad for IT departments and it is bad for individual users.
However, we do look at the recipient and administrative notifications. If it is klez, sobig, etc. we pretty much ignore it. If it is something else we look at the headers and see if we can trace it. If we can, we send a notification. A little extra work for us, but we are not causing extra work for others by doing it this way. That is where the above "bad Netiquette" comment comes from. Best Regards, Dan Bartley -----Original Message----- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 11:56 To: Exchange Discussions A simple change in the notification could solve this problem. You could say "your system might possibly be infected with a virus" or something along those line. But the problem of spoofing your trying to get across is more of a problem with e-mail in general then with anti-virus software. What going to happen when p*rn spammers start sending messages to users as [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harmer, Michael Sent: Tuesday, June 10, 2003 8:49 AM To: Exchange Discussions Subject: RE: Virus Notifications to Sender? Ah, but "Don't send me viruses and I won't send you those notifications in the first place." is the flaw. They did not send you the virus. They mearly were member of some distribution list, had their e-mail on a web site, or corrisponded with the person that was actually infected. Unfortunatly, in your desire to 'assist' those that have no technical ability(A noble cause), you send many messages to people who have done you no wrong. 99 out of 100 times your sending someone a message that indicates that they are infected. This causes any responsible person to panic, scan their system, and find nothing. In the end this has as much or more 'cost' as most of the viruses put together. There is nothing wrong with sending the message if you are 99% sure the from or reply address is correct, but otherwise, your risking offending people and causing increases in costs for other companies and individuals. Here are a couple of possible situations that currently can happen. 1 : The CEO of your company is the member of a Senior Executive group and they have a mailing list. Someone who is infected visits the web site for the group, which has the posting e-mail list on it. You receive a infected message to someone inside your network. Your system replys with the 'Your Infected' e-mail. Your CEO gets a copy. He has his favorite computer savvy family member check his computer. The family member says that the computer is fine and that the message was incorrect. The CEO is displeased at the wasted time trying to fix a unknown problem. You get a memo the next day, one that I doubt would be plesant. 2 : Assume that your company values corprate relations. Some random person is infected with one of these spoofing viruses. They had visited the web site for a company that your company values in the corprate relationship sense. Note that the value could be any number of things. The other companies web site had a sales or management e-mail address for contacting them. This random person sends to you the virus with the other companies list address. You will be sending a message that WILL cause the other company expense and frustration. That WILL damage relationships with that company. Will it break them, probibly not, but you can not say with 100% certainty that it will not. Yes, the other company could have had a virus of the non-spoofing kind, but your job is to protect your computers first, and I assume you have done that or this conversation would not be happening. So it costs you nothing if they send you a virus short of the continued maintence costs for the software. Which you will have to spend anyway as there will always be > 0 viruses in the wild. Responding that they have a virus in the case of a non-spoofing virus is fine, few would argue that it is not fair. However, the problem is that now the viruses are lieing about where they came from, so the increadbly simple rules of the past are no longer just or safe for our carears. What we need to do is get the mail monitor product vendors to get some smarts and add the ability to suppress mail back in the case of a spoofing virus. That way you could continue to crusade to end viruses and not risk anything. Untill then, I disagree with punishing innocent people and letting the criminal go free. --------------------------------------------- Michael --------------------------------------------- -----Original Message----- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 11:14 AM To: Exchange Discussions For us the 1% just happened to be one of our employees mother. She was receiving those "what was that strange message you sent?" for at least 3 months from people. It wasn't until she sent a message here, got one of our virus notifications and then eventually asked me about it, that the problem got cleared up. This was some 70ish year old woman that uses her computer for e-mail, small time web surfing, the occasional online banking session, and the perfect target for virus writers. For me it's more then worth it if you can help one person from sending viruses to the rest of us. If I get accused of being a spammer for sending those notifications, then so be it. Don't send me viruses and I won't send you those notifications in the first place. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harmer, Michael Sent: Tuesday, June 10, 2003 6:32 AM To: Exchange Discussions Subject: RE: Virus Notifications to Sender? First, let me say that I understand what your saying if you are saying that you are concerned about the 1% and wish to help make the internet a better place by assisting them to control viruses on their computers. Now for my POV The one percent are basically causing the hardliners to spam the rest of us. Because most of the virus mail you receive is spoofed, leaving on the warning send back is the same as spamming. Basically you will be accusing someone of having a virus that they do not have, generating bad will between your company and the one you just spammed. I am speaking from person experience. One company late last week, sent us 5 e-mails indicating that we were infected with the active virus at that time. We were not infected, but because we are good admins, we sat down and verified that we were not infected, wasting our time. We knew the virus lied about the FROM address, but we checked anyway just to be safe. We then called the offending party(The company that spammed us). They told us we were infected and we deserved to get the message. Needless to say, we informed them what the virus does, and they said they could do nothing about the messages as they wanted to stop others from spreading infection. BTW, did I mention that their e-mail said that we wasted their time because we did not have a e-mail scanner on our systems? Needless to say, I will probably never do business with that ISP. They proved that they did not care about corporate relations, proper etiquette or virus control in general. The other problem with this is that the hardliners are propagating a 99% false positive system. If my AV system was that bad, I would get a new one. Heck my spam system does better that 3% false positive. What is worse is that the false positives are going to people who did not 'sign up' in the first place.(Hence the spam title) Basically, to me, this comes down to a matter of fairness. If the hardliners believe it is ok to call 100 people 'jerks' just because one of them has a foul mouth, go right ahead, but they will find it hard to make friends. If on the other hand, they instead pay attention to what your receiving and respond only where you have proof of 'jerkiness', they will have no problem making friends and they will make the community much happier. (No one likes a jerk) Michael --------------------------------------------- -----Original Message----- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 11:54 AM To: Exchange Discussions Yea but what about that 1% that has no clue their sending out viruses? <SNIP> _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]