Infected mails from mydomain

Julian Field MailScanner at ecs.soton.ac.uk
Wed Jan 4 19:06:33 GMT 2006


Jim Holland wrote:

>Hi
>
>On Wed, 4 Jan 2006, Matt Kettler wrote:
>
>>Date: Wed, 4 Jan 2006 13:11:58 -0500
>>From: Matt Kettler <mkettler at EVI-INC.COM>
>>Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: Infected mails from mydomain
>>
>>Chris Boyd wrote:
>>
>>>Am I getting these messages sent to my admin alias (i.e. admin at mydomain.ie) because someone is spoofing my email address and sending out infected attachments?
>>
>>Given that Symantec found a Sober variant virus in it, I'd say with 99.9999%
>>certainty that forgery is the case. Sober tries hard to always forge the
>>return-path and From: headers.
>
>While that is true, I would put the explanation the other way around:  
>Chris Boyd is receiving these notices because Symantec stupidly bounces
>known viruses back to the spoofed sender address.  Whenever I get one of
>these bounces I send back a polite but firm response to the system sending
>it pointing out the unacceptability of this annoying behaviour (and
>suggesting that they switch to MailScanner of course).
>
Surely they have changed the default to not do this any more, haven't they?
This is grossly irresponsible, and I am very surprised they haven't been 
sued by someone for causing a DoS attack resulting from the inevitable 
Joe-jobs.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

