Fighting useless notification mails
From: Marc Ruef <marc.ruef () computec ch>
Date: Tue, 30 Mar 2004 12:44:05 +0200
Viruses and worms that spread as mail attachments are filling our
inboxes day by day. Most of these nasty little monsters are able to
generate random or faked from addresses.

I receive dozens of automatically generated notification mails that
presume I sent a disallowed attachment. I am pretty sure that this is
not true. Many different facts are able to verify this statement (e.g.
sending time, SMTP routing, source IP address).

In some cases it may be useful to notify a sender that his host is
spreading malicious code. But I would like to see antivirus vendors
enhance their databases and store, in a standardized way, the
information whether a mail worm is able to generate random or faked
source addresses. If this is the case, antivirus solutions should _not_
send a notification to the presumed sender anyway, because it makes
absolutely no sense. So it may be possible to break down the whole
useless notification spam that doubles the annoying virus mail traffic.
Attack Tool Kit - Enhance your pen-tests
Full-Disclosure - We believe in it.
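
The suppression rule proposed in the post, as an added example that is not part of the original message: a gateway consults a per-signature `forges_sender` flag and the topmost Received hop before it notifies anyone. The signature names, the flag name, the outbound network map and the sample mails are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed signature metadata: the standardized per-signature flag the post asks for.
SIGNATURE_DB = {
    "Worm.Example.Spoofer": {"forges_sender": True},
    "Macro.Example.Plain": {"forges_sender": False},
}
# Constructed map: sender domain -> networks its mail legitimately leaves from.
KNOWN_OUTBOUND = {"example.org": [ipaddress.ip_network("192.0.2.0/24")]}
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def delivering_ip(msg):
    """IP of the host that handed the mail to us (topmost Received header)."""
    received = msg.get_all("Received") or []
    match = RECEIVED_IP.search(received[0]) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:  # bracketed text that is not a valid address
        return None

def notification_target(raw_mail, signature):
    """Return the address to notify, or None if a notice would hit a bystander."""
    meta = SIGNATURE_DB.get(signature)
    # Unknown behaviour or known forgery: the From header proves nothing.
    if meta is None or meta["forges_sender"]:
        return None
    msg = message_from_string(raw_mail)
    addr = parseaddr(msg.get("From", ""))[1]
    domain = addr.rpartition("@")[2].lower()
    ip = delivering_ip(msg)
    # Routing check: trust From only if the delivering host belongs to that domain.
    if ip is None or not any(ip in net for net in KNOWN_OUTBOUND.get(domain, [])):
        return None
    return addr

# Constructed sample mails (documentation address ranges only).
GENUINE = (
    "Received: from mail.example.org (mail.example.org [192.0.2.25])\n"
    "\tby mx.example.com; Tue, 30 Mar 2004 12:00:00 +0200\n"
    "From: Alice <alice@example.org>\nSubject: report\n\nbody\n"
)
SPOOFED = GENUINE.replace("mail.example.org", "dialup.example.net").replace(
    "192.0.2.25", "198.51.100.7")
```
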