I think it's appropriate to point out that a consent framework where a
recipient
would need to specifically enable HTML, and (separately, particularly this part
here) attachments, on a sender-by-sender basis (and, moreover where one could
categorize attachments by either filename extensions or types by category...
text, Acrobat, fonts, images, executables, sound, video, etc)... and only
enable
for a given sender the TYPE(s) of attachment that one EXPECTS that sender to be
sending to the recipient... would have made this SoBig fiasco a non-event.
Most of these recipients who allowed this worm to infect their computer
probably
would NOT have had authorized those senders to send attachments at all, let
alone EXECUTABLE attachments.
And of course, these "multi-extension" attachments (like document.doc.pif)
wouldn't (shouldn't!) fool a better attachment extension/type filter.
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment! Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg