Klez-G - Warning postmaster@sender.com

Julian Field jkf at ecs.soton.ac.uk
Thu May 9 16:33:03 IST 2002

At 16:15 09/05/2002, you wrote:

I have to say, I'm siding with you on this one. It's not impossible to
write the postmaster at sending-domain.com message system.

But if people are going to turn it on and get MailScanner a bad name as a
result, then I obviously don't want to write it. I want more people to be
encouraged to use my software to help reduce the number of virus-infected
PC's in the world, not piss off overworked sysadmins (of which I am one, if
you want proof then take a look at
http://www.ecs.soton.ac.uk/~jkf/myjob.html ).

With the current Klez worm, and hence most of the worms that will follow
it, it is currently probably 90% likely that the sender address is false.
So 90% of the time you will target the wrong postmaster, which is Not A
Good Thing (tm).

I agree that up until now this was probably a useful feature, but its
usefulness has just been destroyed at a stroke by Klez.

>I would like to suggest a rate-limiting feature be introduced, so that
>where warning messages are being returned to sender (or apparently
>responsible postmaster, per original sender), only a certain number in a
>given time period are generated.  This will help with the present
>operation of the software, and should some feature as is being discussed
>be implemented, it would help to allay huge numbers of reports being sent
>to postmasters and just maybe then they might do something about it.  But
>I think it a useful feature anyway.
>Or perhaps an aggregation of reports to a particular sender (or his
>postmaster), so they only get one mail per fer hours or whatever is

This is starting to get "real hard" to implement...
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list