ietf-smtp

Re: Best practices to avoid virus and spam

2004-02-14 09:15:52

OK, found out that you cited the very mail, so I will not send them
again. But what do you say to my analyses that looking at the mail body
for virus would *reduce* the traffic, and also the bogus error mail?
Do you agree?

no.

1. What happens if you reject the email on grounds of bad recipient?
The infector then just goes on to the next potential victim in his list.
Net result: the bandwidth consumed by sending virus on the internet total
stays the same.

this is only true if the machine that is trying to propagate the virus has such a long list of potential victims that the virus on that machine will get found and removed before it exhausts that list. I don't think this is true in general, though it could be true for some.

even if the virus is consuming the same bandwidth either way, there's no particular reason that a server should consume its own bandwidth just to save someone else from consuming bandwidth. everyone has it in his own interests to not waste bandwidth that he is paying for.

And the infector will get back to you eventually, so your specific
bandwidth will possibly not be reduced much by this, it would probably
get reduced by your skill in handling this compared to the average
performance of the internet.

it's not clear how many viruses retry failed transmissions. even for those that do, for a typical virus it would take several failed retries to equal the bandwidth that would be consumed.

the other problem with this comparison is that you are only considering virus traffic - but an SMTP server that sucks down messages just to see if they are viruses also wastes a lot of bandwidth on messages that aren't viruses, and makes error reporting less reliable.

2. If you read the virus and just discard it, you will reduce the
traffic of error messages - as you do not issue one.

no, you will reduce the traffic of error messages issued in response to viruses. you will increase the traffic of error messages overall.

3. If you keep the infector busy with sending you stuff that you will
discard, then he cannot do other evil things at the same time.

it's certainly possible for a virus to manage lots of outgoing connections at once.

To me, the model is a bit like what the economists call game theory,
that if you sacrifice some of your own resources initially, you can
actually get a better result overall for the society, and actually also
for yourself.

just because this works some of the time does not mean it works in this specific case.

