Best practices to avoid virus and spam

2004-02-10 23:36:06


Some thoughts on how to avoid viruses and spam in these days of MyDoom.

I think the current situation is quite manageable, with the RBL,
the virus checking and spam-checking software. I am running a minor
mail host, but it seems to be popular with virus-senders and spammers;
I get about 50.000 to 100.000 mails a day and more than 99 % are
virus or spam. But current software takes most of it. The only thing I would
like to get rid of is all the error reporting mails, saying that I have
sent out virus infected mail, or that I have sent mail to somebody whose
address is unknown or their mailbox is full.

I have by the way collected strings for postfix filters to discard
messages reporting bogus virus, available at

Actually there are some good chances of getting rid of the bogus error
reports. We are dealing with the good guys here, so they may be able to
take proper advice.

I would advise that we recommend some best practice procedures,
hopefully to be implemented in the MTA software products of the world.
Maybe we should write an RFC on this.

I have got three pieces of advice:

1. Always check for virus/spam before checking for valid recipient, or
whether the mailbox is full or some such.

2. Generate a specific error message, maybe we should introduce a
standard error code for this, like 551 - mail rejected as virus or spam.

3. If the mail is virus or spam, then do not send it back to the
sender - as this is most likely a forged address anyway. Discard it
instead. But if you must, then use the standard error message as
described above.

I think with this scheme, we would have avoided almost all of the
virus/spam and also annoying error traffic.

No need for new protocols, closed networks etc. Maybe a need for some
RBL listing virus/spam infected machines, I don't know.

Best regards
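
The three recommendations above as a decision function, added here as an illustration and not part of the original post: it compares how many error reports reach forged senders when the recipient check runs first versus when the virus/spam check runs first. The names `Mail`, `decide` and `backscatter`, the mailbox table and the sample traffic are constructed, and the scanner verdict is assumed to be given.

```python
from dataclasses import dataclass

# Constructed mailbox table: address -> is the mailbox full?
MAILBOXES = {"alice@example.org": False, "bob@example.org": True}
REJECT_TEXT = "551 mail rejected as virus or spam"  # code proposed in the post

@dataclass
class Mail:
    env_from: str    # envelope sender, forged for most virus/spam
    rcpt_to: str
    malicious: bool  # verdict of a virus/spam scanner (assumed given)

def recipient_error(mail):
    """Return the delivery error for this recipient, or None."""
    if mail.rcpt_to not in MAILBOXES:
        return "unknown recipient"
    if MAILBOXES[mail.rcpt_to]:
        return "mailbox full"
    return None

def decide(mail, content_first=True, discard=True):
    """Return (action, detail); action is accept, discard, reject or bounce."""
    if content_first and mail.malicious:
        # Advice 1 and 3: verdict before any recipient check, silent drop.
        # Advice 2: if a reply is required, use the one specific error.
        return ("discard", None) if discard else ("reject", REJECT_TEXT)
    error = recipient_error(mail)
    if error:
        # An error report is generated and sent to the envelope sender.
        return ("bounce", f"to {mail.env_from}: {error}")
    if mail.malicious:
        return ("discard", None) if discard else ("reject", REJECT_TEXT)
    return ("accept", None)

def backscatter(mails, content_first):
    """Count error reports generated in response to virus/spam."""
    return sum(1 for m in mails
               if m.malicious and decide(m, content_first)[0] == "bounce")

# Constructed traffic: three virus/spam mails with forged senders, one real mail.
SAMPLE = [
    Mail("victim1@example.net", "nobody@example.org", True),
    Mail("victim2@example.net", "bob@example.org", True),
    Mail("victim3@example.net", "alice@example.org", True),
    Mail("carol@example.com", "alice@example.org", False),
]

if __name__ == "__main__":
    print("recipient check first:", backscatter(SAMPLE, content_first=False))
    print("content check first:  ", backscatter(SAMPLE, content_first=True))
```

With the recipient check first, the two virus/spam mails addressed to an unknown or full mailbox each produce an error report to an uninvolved address; with the content check first, none do, while a legitimate sender still gets a report for an unknown recipient.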