Infected mails from mydomain

[Jim Holland]

Hi

On Wed, 4 Jan 2006, Matt Kettler wrote:

> Date: Wed, 4 Jan 2006 13:11:58 -0500
> From: Matt Kettler <mkettler at EVI-INC.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Infected mails from mydomain
> 
> Chris Boyd wrote:
> > Am i getting these messages sent to my admin alias (ie admin at mydomain.ie) because someone is spoofing my email address and sending out infected attachments? 
 
> Given that Symantec found a Sober variant virus in it, I'd say with 99.9999%
> certainty that forgery is the case. Sober tries hard to always forge the
> return-path and From: headers.

While that is true, I would put the explanation the other way around:  
Chris Boyd is receiving these notices because Symantec stupidly bounces
known viruses back to the spoofed sender address.  Whenever I get one of
these bounces I send back a polite but firm response to the system sending
it pointing out the unacceptability of this annoying behaviour (and
suggesting that they switch to MailScanner of course).

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!