I apologize if this is off-topic for the SIMS list, but I'd like to get the opinion of other mail admins out there.
I, like many of you, have been inundated with infected e-mails as a result of the Blaster worm. I know enough to realize that replying to the "sender" would do no good as it's most likely not the e-mail address of the infected user. But I CAN see the IP that passed it to my SIMS box and, using WHOIS, I can see who owns that IP. In several cases I have gone ahead and blacklisted those IPs because they are most likely a source of spam anyway (owned by Taiwanese or Korean ISPs and such). But others have turned out to be IPs owned by networks such as Roadrunner and Earthlink, with whom I cannot afford to cut off communication.

Would reporting these incidents, along with a copy of the full headers from the e-mail, be of any use to their network admins? Would this alert them to possible open relays or infected customers? Or would it just be one more annoyance clogging up their day?

================================================
| Doug Starkey                                 |
| Network Administrator                        |
| Pecan Deluxe Candy Company                   |
| 2570 Lone Star Drive                         |
| Dallas, TX 75212-6308                        |
| e-mail: [EMAIL PROTECTED]                    |
| voice: 214-631-3669 Ext. 108                 |
| fax: 214-631-5833                            |
================================================
