General discussion

Locked

Useless virus return emails

By gralfus ·
Since the latest viruses are faking the email addresses that they actually came from, wouldn't it make sense for every email admin in the world to turn off the auto reply that happens when a virus is intercepted? I get dozens a day claiming that I sent a Netsky or some variant virus to a number of addresses.

But since the return address that the virus uses is always incorrect, why bother sending out the useless reply. It is unnecessary, fills up mailboxes with trash disguised as something useful, is intended well but completely fails to accomplish the reason it is designed for.

Any good reasons to not turn this notification off?

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Faking addresses

by Oz_Media In reply to Useless virus return emai ...

addresses are rarely GUESSED except in the case of Admin, Suport etc. Most are gathered by web crawlers that search websites for email contact addresses. Once the sender doesn't get a reply, he can asume it's genuine and work to get you address book.

Once your addy book is spoofed, everyone gets an email from you. MOST of the time when someone uses YOUR address to relay mail, this means you also have a virus or worm to get rid of. THis is of course unless someone else has you address and they were spoofed themselves, in which case you are usually next in line.

I have my client's SPAM protection set up and so finely tuned now that nobody in their organization sees more than 2 perhaps 3 junk emails per day, they were receiving hundreds each at one point.

As for shutting off the Auto responders, well you're right, unless it's a vacation alert, I don't want it back.

As for shutting off RELAY, well I would hope NOBODY still has mail relaying active on their network, but then again, it is suprprising how many fortune 500 companies are blacklisted as they won't resolve their meial relay issues themselves. they are the headache that we face each day, mail relays from spoofed company servers run by morons who haven't even heard of security.

NEC couldn't send me email until I told them to fix their damn servers, same as Telus and Nortel Networks. Network engineers on a blacklist, whatever next?

Collapse -

You're right

by Cactus Pete In reply to Useless virus return emai ...

Many admins now who haven't changed the old default of notifying the "sender" that the message they gave was infected are simply playing into the hands of the virus writers. They generate more useless traffic, and antagonize many more people who think they're either getting more spam, or that someone they know is actually infected [even themselves, in some cases].

I really hate having to explain to several users every time one of those bounced messages comes to them that no, we weren't infected, and no, you friend at that site was telling the truth, he isn't infected, either.

Spoofing seems to be a very difficult concept for the common user to grasp.

Oh, and of course, spam filters can't stop these "legitimate" email messages auto-generated from "administrators"...

Collapse -

For business these are usless but

by HAL 9000 Moderator In reply to Useless virus return emai ...

Sometimes for home users they do prove useful in letting these people know that they have an infection. I remember recently a case where a Medical Doctor sent out a planed speach that he was to give at a conference from his unprotected home computer which was infected so at least he then took steps to set things right but to most of us they are a waste of both bandwidth and time.

Col

Collapse -

Bandwidth consideration

by i386 In reply to Useless virus return emai ...

As if the worms propagating didn't eat bandwidth, those return mails eat up even more bandwidth. And IPv6 is becoming vaporware. It's supposed to be able to prevent header forging and email spoofing but implementation could take years.

Scanning outbound mail should eliminate the need for return mail unless antivirus protection is somehow compromised or out of date.

Collapse -

You're Absolutely Right

by Jim_MacLachlan In reply to Useless virus return emai ...

We quit sending thos automated warnings a couple of years ago. They don't do a lick of good & just chew up bandwidth. They also drive up the Help Desk calls as users freak out about warnings, undelivered emails & choked email boxes. They were a good idea in their day, but that day passed a couple of years ago.

Back to IT Employment Forum
5 total posts (Page 1 of 1)  

Related Forums