On Fri 18/Oct/2019 14:58:01 +0200 Michael Rathbun via mailop wrote: > On Fri, 18 Oct 2019 10:21:47 +0200, Alessandro Vesely via mailop > <mailop@mailop.org> wrote: > >> For blatantly viral attachments, silently dropping the message still seems to >> be the most appropriate action. Is that a best practice? > > Absolutely not. And the message disappearance I mention above can happen for > a message of any description.
I started dropping instead of rejecting when I saw people getting infected after opening an attachment in a bounce message. At the time, viruses were mainly spread by open relays. Sender and recipient seemed to be rather interchangeable, so bouncing such messages would just increase the spreading likelihood. Perhaps, a possibility could be to reject if the message is SPF and/or DKIM authenticated, still drop otherwise. Would that make sense? I find non-authenticated messages where I happen to know that the sending mailbox belongs to the same person as the recipient one. Best Ale -- _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
