[Fwd: IFCC-FBI Criminal Complaint (Warning: E-mail viruses detected)]

Matt Kettler mkettler at EVI-INC.COM
Thu Dec 15 20:43:58 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Had to share this with you folks. I get these from time to time, and
> think they are most amusing. This one is even more officious than most,
> so I got a better laugh out of it than normal.


Agreed, clearly it's the admin of secure.hostwizard.ws who should be arrested
and prosecuted for configuring mailscanner without virus detection to avoid
autoresponding. :)


Unfortunately, while I am half joking, I'm only half joking.

I don't think they should be criminally investigated, unless they unleashed
enough of a flood of notices to actually DoS the victim site. However, I do
think they are dangerously misconfigured and deserve the same LARTing and
disrespect as the admin of an open-relay mailserver that a spammer abused.

I view mis-directed  Challenge-Responses, virus notices, and post-delivery spam
notices as indirect spamming through deliberate, and willfully malicious,
misconfiguration. Such admins are trying to solve their email problems by
foisting the problem into the mailboxes others. I get enough spam and viruses
without getting notices for all of theirs too.

I myself do not take kindly to being imposed upon by such systems. I'm sure a
few list members here can attest they have gotten my warnings that I'll
blacklist their server if they don't cease sending me notices for undetected
viruses. And I do have a good number of servers 550'ed for persistently sending
me such notices.

My own policy is I send a LART after 2 mis-directed notices, and blacklist if
they keep coming in 24 hours after the LART. Of course, if I get a deluge I'll
blacklist them without waiting for 24 hours as a defensive measure. My general
removal policy is roughly 1 week, but I'm lazy about it so it could be more or
less often.

Just some food-for-thought on the other side of the coin.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list