|
|
BugTraq
RFC: virus handling Jan 28 2004 03:45PM Thomas Zehetbauer (thomasz hostmaster org) (13 replies) RFC: content-filter and AV notifications (Was: Re: RFC: virus handling) Jan 29 2004 12:00PM Andrey G. Sergeev (AKA Andris) (andris aernet ru) (1 replies) Re: RFC: content-filter and AV notifications (Was: Re: RFC: virus handling) Feb 03 2004 04:07PM Peter J. Holzer (hjp wsr ac at) Re: RFC: virus handling Jan 28 2004 10:00PM John Fitzgibbon (fitz jfitz com) (1 replies) Re: RFC: virus handling Jan 28 2004 06:24PM Patrick Proniewski (patpro patpro net) (1 replies) Re: RFC: virus handling Feb 03 2004 08:55PM Matthew Dharm (mdharm one-eyed-alien net) (1 replies) Re: RFC: virus handling Jan 28 2004 06:07PM Jeremy Mates (jmates sial org) (1 replies) Hysterical first technical alert from US-CERT Feb 03 2004 12:11PM Larry Seltzer (larry larryseltzer com) (3 replies) Re: Hysterical first technical alert from US-CERT Feb 05 2004 12:18PM Andreas Marx (amarx gega-it de) Re: Hysterical first technical alert from US-CERT Feb 04 2004 02:31PM Valdis Kletnieks vt edu (2 replies) Re: Hysterical first technical alert from US-CERT Feb 05 2004 08:33AM Stephen Samuel (samuel bcgreen com) (1 replies) Re: Hysterical first technical alert from US-CERT Feb 06 2004 10:07PM Valdis Kletnieks vt edu (1 replies) Re: Hysterical first technical alert from US-CERT Feb 08 2004 01:01PM Shawn McMahon (smcmahon eiv com) RE: Hysterical first technical alert from US-CERT Feb 04 2004 02:41PM Larry Seltzer (larry larryseltzer com) (1 replies) Re: Hysterical first technical alert from US-CERT Feb 04 2004 12:27PM Philip Rowlands (phr doc ic ac uk) Re: RFC: virus handling Jan 28 2004 05:54PM 3APA3A (3APA3A SECURITY NNOV RU) (1 replies) getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 03 2004 09:11AM Gadi Evron (ge linuxbox org) (4 replies) Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 04 2004 08:04PM Georg Schwarz (geos epost de) Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 04 2004 06:27AM der Mouse (mouse Rodents Montreal QC CA) Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 03 2004 11:07PM James A. Thornton (jamest u-238 infinite1der org) |
|
Privacy Statement |
> Shut off notifications.
Yup.
Standardizing notifications according to some new RFC would accomplish:
1. Providing another standard message format for socially engineering virus
deliveries.
2. Adding yet another format for notifications - no such RFC would be
universally adopted.
3. Feeding us geeks more useless esoterica to discuss indignantly on the
lists - should noncompliant notifications be a new classification for
rfc-ignorant blacklisting?
4. Continuing bombardment by enough mistaken and virus-faked notifications
to make all notifications worse than useless.
5. Continuing possibilities for using MTA event-handling automation as a
virus distribution vehicle. Possibilities would be more limited, but they
would not be eliminated.
6. It would make it easier to filter the notifications, as the original
poster intended. But I would rather not get them at all when most of them
are mistaken automated notifications.
Dealing with misaddressed mail and incoming infections is boring and costly.
But automated NDRs and virus notifications just spread a larger cost out
across a mail system. They eat the time of the system, the users, their
correspondents, and possibly someone else's admin. They are a selfish way to
push the costs onto others, and probably cost an organization more than they
save in the mail admin's time.
My opinion is you should drop what bad mail you can, and deal with the rest.
Notifications are only useful when they are actionable - they have to be
well-analyzed, and they have to be sent only to people who understand them
and who have the motivation and ability to deal with them. That is a tall
order, which means there should only be a few manually reviewed
notifications.
[ reply ]