«

Alan Kennedy <> schreef:

> Bringing an end to the problem would probably involve a fairly
> substantial admin effort on the part of the python.org admins.

No, it's the admins that run an antivirus on their mail server or the users
that use broken anti-virus/anti-spam tools that should fix their system.
It's plain stupid and irresponsible to bounce or send a mail back to a
*forged* and often randomly shuffled "From:" address, doubling or tripling
the mail traffic generated by the virus itself.

(I have even seen one system "bouncing" virus mails with the attachment
included, sending the virus to an innocent user...)

--
JanC

"Be strict when sending and tolerant when receiving."
RFC 1958 - Architectural Principles of the Internet - section 3.9

>>> Alan Kennedy wrote
> Is there some sort of mail header that these virus checking gateways
> could examine, to see if the email is from a list, rather than an
> individual, before it sends these emails? Maybe we need to invent one,
> e.g.
>
> X-Dont-Send-Me-Virus-Reports: YES

Won't help - the virus that fakes 'python-' (or
python- - while it's old, I'm sure it's out there still)
won't generate this header.

Greg Ward's aware of the issue, and he's working on it - offers of
useful round tuits to help him wouldn't be a bad thing.

> > "Be strict when sending and tolerant when receiving."
> > RFC 1958 - Architectural Principles of the Internet - section 3.9
>
> Do this mean we should quietly tolerate the "you sent me a virus!"
> emails?
>
>

No, it means you should send very firmly worded "fix your ****ing
mail gateway" messages to the people sending back useless bounce
messages.

--
Anthony Baxter <>
It's never too late to have a happy childhood.

On Sun, 06 Jul 2003 08:54:40 -0400, Alan Kennedy wrote:

> But if an email is sent from an individual to an individual, then such
> "you sent me a virus!" emails can be very useful information. It's only
> when an email address is associated with lots of subscribers that it
> becomes a problem. Or, as you pointed out, when the from address is
> forged.

The from address is always forged.

I get literally hundreds of bounces daily from various viruses. My
Bayesian filter had not yet learned to distinguish them from real bounces.
I did not send any of them. For the bounces that include the original email in
an rfc822 attachment, this can be verified by looking at the 'Recieved'
headers. It never went anywhere near my system. I don't even run Windows
- and these are Windows viruses.

I also receive email threatening bodily harm for sending spam. A less
clueless admin sent me email saying that he had contacted my ISP and had
my account cancelled - and included a ticket # to prove it. I looked at
the ticket, and there was indeed an account cancelled at some ISP I'd
never heard of. Since the admin was smart enough to look at the headers
to track down the real ISP, you would think he would be smart enough to
realize that any From headers in spam are completely bogus.

Sending any kind of reply to a spam or viral email is clueless and
counterproductive under any circumstances. All it accomplishes is
annoying yet another innocent bystander.