ietf-smtp
[Top] [All Lists]

Re: MyDoom, Sorbig - Actions taken?

2004-02-04 21:27:29
On Wed, 04 Feb 2004 22:39:53 EST, Hector Santos 
<winserver(_dot_)support(_at_)winserver(_dot_)com>  said:

I guess the lack of response means people don't feel this is a problem SMTP
could help address?

What would help this (and a lot of other security issues) a lot more is
if certain vendors actually paid attention to all the warnings about
transporting active content in e-mail ever since RFC1341 came out like
12 years ago.

Your proposal doesn't really do any good - consider that it's quite
possible for a virus to get loose on an Exchange server and ruin several
thousand people's days without ever going anywhere near SMTP (remember
that some are multi-vector, so all it takes is one Exchange user on Kazaa..)

Putting warts onto one protocol because one vendor can't get another protocol
right is a highly questionable practice at best.  It's the moral equivalent
of reducing the speed limit to 30 on all the interstates because one tire
company had trouble making tires that didn't have the threads fall off at
higher speeds.

Attachment: pgpXW6mScJxXb.pgp
Description: PGP signature