On Wed, Sep 03, 2003 at 09:01:18PM -0700, John W. Baxter wrote: > On 9/2/2003 16:34, "Will Yardley" <[EMAIL PROTECTED]> wrote: > > However, I think it's a good overall policy to reject any message > > that's not delivered - with any sort of filter based on content, > > you're running a risk of rejecting legitimate messages, so it's > > important that the sender realize the message wasn't delivered. > It's arguably a decent overall policy, but it fails in the case of Sobig-F > which ordinarily forges the sender. Bouncing Sobig amounts to an attack on > an innocent party...particularly if more than a smallish part of the > incoming message is included.
As someone else pointed out (and as I pointed out), when a message is rejected during the SMTP transaction, it's the job of the sending machine to return the message to its sender. Sobig (and most spamware) sends direct to MX from the infected machine, and doesn't send a bounce when it receives a 55x response; the message is simply rejected and no harm is done. The problem is when the message is NOT initially rejected, and is then bounced back to the sender. Even worse are those misconfigured virus scanners which send notifications to the apparent "sender". -- "Since when is skepticism un-American? Dissent's not treason but they talk like it's the same..." (Sleater-Kinney - "Combat Rock") ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
