[Top] [All Lists]

Re: Best practices to avoid virus and spam

2004-02-14 09:15:52

OK, found out that you cited the very mail, so I will not send them
again. But what do you say to my analyses that looking at the mail body
for virus would *reduce* the traffic, and also the bogus error mail?
Do you agree?


1. What happens if you reject the email on grounds of bad receipient?
The infector then just goes on to the next potential victim in his list. Net result: the bandwidth consumed by sending virus on the internet total stays the

this is only true if the machine that is trying to propagate the virus has such a long list of potential victims that the virus on that machine will get found and removed before it exhausts that list. I don't think this is true in general, though it could be true for some.

even if the virus is consuming the same bandwidth either way, there's no particular reason that a server should consume its own bandwidth just to save someone else from consuming bandwidth. everyone has it in his own interests to not waste bandwidth that he is paying for.

 And the infector will get back to you eventually, so your specific
bandwidth will possibly not be reducsd much by this, it would probably
get reduced by your skill in handling this compared to the average
performance of the internet.

it's not clear how many viruses retry failed transmissions. even for those that do, for a typical virus it would take several failed retries to equal the bandwidth that would be consumed.

the other problem with this comparison is that you are only considering virus traffic - but an SMTP server that sucks down messages just to see if they are viruses also wastes a lot of bandwidth on messages that aren't viruses, and makes error reporting less reliable.

2. If you read the virus and just discard it, you will reduce the
traffic of error messages - as you do not issue one.

no, you will reduce the traffic of error messages issued in response to viruses. you will increase the traffic of error messages overall.

3. If you keep the infector busy with sending you stuff that you will
discard, then he cannot do other evil things at the same time.

it's certainly possible for a virus to manage lots of outgoing connections at once.

To me, the model is a bit like what the economists call game theory,
that if you sacrifice some of your own ressources initially, you can
actually get a better result overall for the society, and actually also
for yourself.

just because this works some of the time does not mean it works in this specific case.

<Prev in Thread] Current Thread [Next in Thread>