At 04:42 AM 9/15/03 +0200, Brad Knowles wrote:
At 2:06 AM +0100 2003/09/15, Jonathan Morton wrote:
I personally think that nearly all ISPs, especially those with a
large proportion of newbies, should delete directly-executable
attachments without question.
There, I must disagree very strongly. Plenty of people in this
world have reason to be mailing attachments around, although I'm
opposed to their using e-mail as a replacement for proper
file-transfer technologies for large attachments.
Yes, I agree that there should be some default controls to make
this sort of stuff less dangerous, but I am most certainly not
convinced that they should be deleting directly executable
attachments unless expressly asked to do so.
Rather than deleting by default, I recommend renaming
executable attachments to something not executable,
and adding a note explaining what you've done.
(Perhaps also explaining that it's a bad idea to run an executable
you weren't expecting, even if it is from someone you know.)
And if you're going to have an option like that, I also recommend
that it be something the user can turn off.
Scott Nelson <scott(_at_)spamwolf(_dot_)com>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg