Here's the problem with not performing sender notifications: What if your user is the sender?
Don't say it doesn't happen. It does, and sometimes that's the best way for you to know it happened.

Roger
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

> -----Original Message-----
> From: Dan Bartley [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 10, 2003 12:03 PM
> To: Exchange Discussions
> Subject: RE: Virus Notifications to Sender?
>
> We don't send sender notifications. It is bad Netiquette in
> the current Trojan environment. It is bad for email lists, it
> is bad for IT departments and it is bad for individual users.
>
> However, we do look at the recipient and administrative
> notifications. If it is klez, sobig, etc. we pretty much
> ignore it. If it is something else we look at the headers and
> see if we can trace it. If we can, we send a notification.
>
> A little extra work for us, but we are not causing extra work
> for others by doing it this way. That is where the above "bad
> Netiquette" comment comes from.
>
> Best Regards,
>
> Dan Bartley
>
> -----Original Message-----
> From: Christopher Hummert [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 10, 2003 11:56
> To: Exchange Discussions
>
> A simple change in the notification could solve this problem.
> You could say "your system might possibly be infected with a
> virus" or something along those lines. But the problem of
> spoofing you're trying to get across is more of a problem with
> e-mail in general than with anti-virus software. What's going
> to happen when p*rn spammers start sending messages to users
> as [EMAIL PROTECTED]
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Harmer, Michael
> Sent: Tuesday, June 10, 2003 8:49 AM
> To: Exchange Discussions
> Subject: RE: Virus Notifications to Sender?
>
> Ah, but "Don't send me viruses and I won't send you those
> notifications in the first place." is the flaw. They did not
> send you the virus. They merely were a member of some
> distribution list, had their e-mail on a web site, or
> corresponded with the person that was actually infected.
> Unfortunately, in your desire to 'assist' those that have no
> technical ability (a noble cause), you send many messages to
> people who have done you no wrong. 99 out of 100 times you're
> sending someone a message that indicates that they are
> infected. This causes any responsible person to panic, scan
> their system, and find nothing. In the end this has as much
> or more 'cost' as most of the viruses put together. There is
> nothing wrong with sending the message if you are 99% sure
> the from or reply address is correct, but otherwise, you're
> risking offending people and causing increases in costs for
> other companies and individuals.
>
> Here are a couple of possible situations that currently can happen.
>
> 1 : The CEO of your company is the member of a Senior
> Executive group and they have a mailing list. Someone who is
> infected visits the web site for the group, which has the
> posting e-mail list on it. You receive an infected message to
> someone inside your network. Your system replies with the
> 'You're Infected' e-mail. Your CEO gets a copy. He has his
> favorite computer savvy family member check his computer. The
> family member says that the computer is fine and that the
> message was incorrect. The CEO is displeased at the wasted
> time trying to fix an unknown problem. You get a memo the next
> day, one that I doubt would be pleasant.
>
> 2 : Assume that your company values corporate relations. Some
> random person is infected with one of these spoofing viruses.
> They had visited the web site for a company that your company
> values in the corporate relationship sense. Note that the value
> could be any number of things. The other company's web site had
> a sales or management e-mail address for contacting them. This
> random person sends to you the virus with the other company's
> list address. You will be sending a message that WILL cause the
> other company expense and frustration. That WILL damage
> relationships with that company. Will it break them, probably
> not, but you can not say with 100% certainty that it will not.
>
> Yes, the other company could have had a virus of the
> non-spoofing kind, but your job is to protect your computers
> first, and I assume you have done that or this conversation
> would not be happening. So it costs you nothing if they send
> you a virus short of the continued maintenance costs for the
> software. Which you will have to spend anyway as there will
> always be > 0 viruses in the wild. Responding that they have
> a virus in the case of a non-spoofing virus is fine, few
> would argue that it is not fair. However, the problem is that
> now the viruses are lying about where they came from, so the
> incredibly simple rules of the past are no longer just or
> safe for our careers. What we need to do is get the mail
> monitor product vendors to get some smarts and add the
> ability to suppress mail back in the case of a spoofing
> virus. That way you could continue to crusade to end viruses
> and not risk anything. Until then, I disagree with punishing
> innocent people and letting the criminal go free.
>
> ---------------------------------------------
> Michael
> ---------------------------------------------
>
> -----Original Message-----
> From: Christopher Hummert [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 10, 2003 11:14 AM
> To: Exchange Discussions
>
> For us the 1% just happened to be one of our employees'
> mother. She was receiving those "what was that strange
> message you sent?" for at least 3 months from people. It
> wasn't until she sent a message here, got one of our virus
> notifications and then eventually asked me about it, that the
> problem got cleared up. This was some 70ish year old woman
> that uses her computer for e-mail, small time web surfing,
> the occasional online banking session, and the perfect target
> for virus writers.
>
> For me it's more than worth it if you can help one person
> from sending viruses to the rest of us. If I get accused of
> being a spammer for sending those notifications, then so be
> it. Don't send me viruses and I won't send you those
> notifications in the first place.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Harmer, Michael
> Sent: Tuesday, June 10, 2003 6:32 AM
> To: Exchange Discussions
> Subject: RE: Virus Notifications to Sender?
>
> First, let me say that I understand what you're saying if you
> are saying that you are concerned about the 1% and wish to
> help make the internet a better place by assisting them to
> control viruses on their computers.
>
> Now for my POV
>
> The one percent are basically causing the hardliners to spam
> the rest of us. Because most of the virus mail you receive is
> spoofed, leaving on the warning send back is the same as
> spamming. Basically you will be accusing someone of having a
> virus that they do not have, generating bad will between your
> company and the one you just spammed. I am speaking from
> personal experience. One company late last week sent us 5
> e-mails indicating that we were infected with the active
> virus at that time. We were not infected, but because we are
> good admins, we sat down and verified that we were not
> infected, wasting our time. We knew the virus lied about the
> FROM address, but we checked anyway just to be safe. We then
> called the offending party (the company that spammed us). They
> told us we were infected and we deserved to get the message.
> Needless to say, we informed them what the virus does, and
> they said they could do nothing about the messages as they
> wanted to stop others from spreading infection. BTW, did I
> mention that their e-mail said that we wasted their time
> because we did not have an e-mail scanner on our systems?
> Needless to say, I will probably never do business with that
> ISP. They proved that they did not care about corporate
> relations, proper etiquette or virus control in general.
>
> The other problem with this is that the hardliners are
> propagating a 99% false positive system. If my AV system was
> that bad, I would get a new one. Heck, my spam system does
> better than 3% false positive. What is worse is that the
> false positives are going to people who did not 'sign up' in
> the first place. (Hence the spam title)
>
> Basically, to me, this comes down to a matter of fairness. If
> the hardliners believe it is ok to call 100 people 'jerks'
> just because one of them has a foul mouth, go right ahead,
> but they will find it hard to make friends. If on the other
> hand, they instead pay attention to what you're receiving and
> respond only where you have proof of 'jerkiness', they will
> have no problem making friends and they will make the
> community much happier. (No one likes a jerk)
>
> Michael
> ---------------------------------------------
>
> -----Original Message-----
> From: Christopher Hummert [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 09, 2003 11:54 AM
> To: Exchange Discussions
>
> Yea but what about that 1% that has no clue they're sending out
> viruses?
> <SNIP>
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Web Interface:
> http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
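
The notification policy argued for in the thread above (always tell the administrator and recipient, suppress the sender notice for From-forging families, otherwise notify the sender only when the headers back up the From address), sketched as an added example that is not from any poster or product. The function names, the `border_mta` parameter, the assumed `Received` layout and the sample messages are all hypothetical; the trace check is one conservative heuristic, not the method any poster describes.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Families the thread names as forging the From address (extend from AV vendor notes).
SPOOFING_FAMILIES = ("klez", "sobig")

# Assumed Received layout: "from <helo> (<rdns> [<ip>]) by <host> ..."
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((\S+)\s+\[[0-9a-fA-F.:]+\]\)\s+by\s+(\S+)", re.I)

def connecting_host(msg, border_mta):
    """rDNS name our own border MTA recorded for the host that handed us the mail.
    Only the header stamped by our MTA is trusted; older ones may be forged."""
    for header in msg.get_all("Received") or []:
        m = RECEIVED_RE.search(" ".join(header.split()))  # unfold the header
        if m and m.group(2).lower() == border_mta.lower():
            return m.group(1).lower()
    return None

def notification_targets(raw_message, detection, border_mta):
    """Who gets a virus notification: always admin and recipient,
    the sender only when the From address is believable."""
    targets = ["admin", "recipient"]
    if any(f in detection.lower() for f in SPOOFING_FAMILIES):
        return targets  # From is forged; a reply would land on a bystander
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    host = connecting_host(msg, border_mta)
    if domain and host and (host == domain or host.endswith("." + domain)):
        targets.append("sender")  # delivering host belongs to the From domain
    return targets

# Constructed sample messages (example.* names and the detection names
# used with them are placeholders, not real traffic).
TRACEABLE = (
    "Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby mx.example.com with ESMTP; Tue, 10 Jun 2003 12:00:00 -0400\n"
    "From: Alice <alice@example.org>\n"
    "Subject: report\n\nbody\n"
)
UNTRACEABLE = TRACEABLE.replace("alice@example.org", "ceo@example.net")

if __name__ == "__main__":
    for raw, det in ((TRACEABLE, "Example.Macro.A"),
                     (UNTRACEABLE, "Example.Macro.A"),
                     (TRACEABLE, "W32.Sobig.A@mm")):
        print(det, notification_targets(raw, det, "mx.example.com"))
```

Senders whose mail is relayed through a host outside their own domain are not notified under this check, which errs toward the "99% sure" bar set in the thread.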

