Klez-G - Warning postmaster@sender.com

[Julian Field]

At 16:15 09/05/2002, you wrote:
><snip>

I have to say, I'm siding with you on this one. It's not impossible to
write the postmaster at sending-domain.com message system.

But if people are going to turn it on and get MailScanner a bad name as a
result, then I obviously don't want to write it. I want more people to be
encouraged to use my software to help reduce the number of virus-infected
PC's in the world, not piss off overworked sysadmins (of which I am one, if
you want proof then take a look at
http://www.ecs.soton.ac.uk/~jkf/myjob.html ).

With the current Klez worm, and hence most of the worms that will follow
it, it is currently probably 90% likely that the sender address is false.
So 90% of the time you will target the wrong postmaster, which is Not A
Good Thing (tm).

I agree that up until now this was probably a useful feature, but its
usefulness has just been destroyed at a stroke by Klez.

>I would like to suggest a rate-limiting feature be introduced, so that
>where warning messages are being returned to sender (or apparently
>responsible postmaster, per original sender), only a certain number in a
>given time period are generated.  This will help with the present
>operation of the software, and should some feature as is being discussed
>be implemented, it would help to allay huge numbers of reports being sent
>to postmasters and just maybe then they might do something about it.  But
>I think it a useful feature anyway.
>
>Or perhaps an aggregation of reports to a particular sender (or his
>postmaster), so they only get one mail per fer hours or whatever is
>appropriate.

This is starting to get "real hard" to implement...
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ