ietf-asrg
[Top] [All Lists]

Re: [Asrg] 6. Email Path Verification (hashcash benchmarks)

2003-09-15 05:37:47
Jonathan Morton explained:

I did the same with SpamAssassin when Sobig.F started hitting me with hundreds per day (bounces and infections alike). I manually set the MICROSOFT_EXECUTABLE score to 10.0 (the default score is only 0.3) and set up Procmail to dump messages above 8.0. I'm pretty sure that dealt with over 99% of the problem.

I personally think that nearly all ISPs, especially those with a large proportion of newbies, should delete directly-executable attachments without question.

while there is an autocratic part of me that agrees most heavily with what you say, I also fear the hubris inherent in the situation. This is what I think in isolation place or spamtrap equivalent is what is called for. That way the user can determine whether or not they really want that piece of e-mail. On the gripping hand however I have rarely received an executable by e-mail from anyone except someone I have had long conversations with (i.e. OEM technical support)

the nice thing about a spamtrap (at least the way I have designed/implemented) is that I can get an audit trail of messages and who approved them. So in the case of a virus, you can know which employee is a FWM and started the infection process.

---eric



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>