[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Les Mikesell les at futuresource.com
Wed Jun 29 17:07:19 EDT 2005


On Wed, 2005-06-29 at 12:58, WBrown at e1b.org wrote:

> > I think you'll change your mind about this the day some virus spews
> > thousands of emails with *your* address forged as the sender through
> > a relay that doesn't block it, a very likely event if you've sent
> > email to a lot of people.  Your smtp rejection forces the sending
> > relay to construct a bounce message which is almost certain to be
> > to a forged return address - I don't think any viruses in the past
> > several years have sent with the real user name.  When it's your return
> > address involved, you might wish everyone just dropped viruses quietly.
> 
> Basically, that would have to be an open relay and most of the world 
> blocks open relays.  There aren't that many around any more. 

No, it just has to be the normal relay for a virus-infected PC.  The
world is full of these.

> Once we get to SPF/SenderID/Domain keys, or whatever authentication 
> mechanism eventually gets adopted, this will really drop off.

Does your own system have any mechanism to ensure that messages
originating behind it that are rejected by the next hop cannot
be bounced to some forged address instead of the real sender?

-- 
  Les Mikesell
   les at futuresource.com
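
The bounce paths argued over in this message, as an added example that is not part of the original post: a small model of who receives the bounce (DSN) when the recipient's MX rejects, bounces, or discards an infected message handed to it by a relay, and how that changes if the relay refuses forged envelope senders at submission. The class, function names, the `enforce_sender` switch and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    true_origin: str    # mailbox that really belongs to the submitting client
    envelope_from: str  # MAIL FROM as presented; a mass-mailing virus forges it

def relay_accepts(msg: Message, enforce_sender: bool) -> bool:
    """Outbound relay's decision while the client is still connected."""
    return not (enforce_sender and msg.envelope_from != msg.true_origin)

def dsn_recipient(msg: Message, mx_action: str, enforce_sender: bool = False):
    """Return the address that ends up receiving a bounce, or None.

    mx_action is what the recipient's MX does with the infected message:
      "reject"  - 5xx in the SMTP session, so the sending relay builds the DSN
      "bounce"  - accept, then the MX builds the DSN itself
      "discard" - accept and drop quietly
    """
    if mx_action not in ("reject", "bounce", "discard"):
        raise ValueError(f"unknown action: {mx_action}")
    if not relay_accepts(msg, enforce_sender):
        return None  # refused at submission; nothing is queued to bounce later
    if mx_action == "discard":
        return None
    # Either way the DSN goes to the envelope sender, forged or not.
    return msg.envelope_from

def is_backscatter(msg, mx_action, enforce_sender=False) -> bool:
    """True when a bounce lands on someone who never sent the message."""
    rcpt = dsn_recipient(msg, mx_action, enforce_sender)
    return rcpt is not None and rcpt != msg.true_origin

# Constructed sample messages (addresses are placeholders).
VIRUS = Message("infected-pc@isp.example", "victim@bystander.example")
LEGIT = Message("alice@isp.example", "alice@isp.example")

def outcome_table():
    """All relay/MX combinations for the forged message."""
    rows = []
    for enforce in (False, True):
        for action in ("reject", "bounce", "discard"):
            rows.append((enforce, action, dsn_recipient(VIRUS, action, enforce)))
    return rows

if __name__ == "__main__":
    for enforce, action, rcpt in outcome_table():
        print(f"relay enforces sender={enforce!s:5} mx={action:7} -> DSN to {rcpt}")
```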




