ietf

RE: FW: Virus alert

2003-08-29 20:46:44
Can't we just hack the mailman configs to dump mails with X-sender value
of outlook or outlook express?  That would solve the problem, no;)

Well, the only problem with that idea is that we explicitly do *NOT*
have a "Your clue must be ->THIS<- tall to ride the IETF list"
policy... ;)

The Sobig worm includes its own SMTP code, and places arbitrary values
in the header fields. The source address is forged, and so are various
other fields, including X-Mailer. The worm finds target source and
destination addresses by reading files on the user's disk, not by using
a specific Outlook or OE API. It propagates by "social engineering",
when users open some executable attachments. Users can click on
attachments with many mailers, not just Outlook and OE. In fact, the
latest versions of Outlook automatically strip such attachments.

-- Christian Huitema
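
The point made above, as an added example that is not part of the original post: a rule keyed on X-Mailer trusts a field the sender controls, while a rule keyed on attachment type looks at what the message actually carries. The two messages, the extension list and the function names are constructed for illustration.

```python
from email import message_from_string

# Constructed sample messages for illustration (not captured traffic).
FORGED = """\
From: someone@example.org
Subject: Re: details
X-Mailer: Some Other Mailer 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached file.
--b1
Content-Type: application/octet-stream; name="details.pif"
Content-Disposition: attachment; filename="details.pif"
Content-Transfer-Encoding: base64

TVo=
--b1--
"""
LEGIT = """\
From: subscriber@example.com
Subject: Re: FW: Virus alert
X-Mailer: Microsoft Outlook Express (constructed)
Content-Type: text/plain

An ordinary list post with no attachment.
"""
EXECUTABLE_EXTS = (".exe", ".pif", ".scr", ".com", ".bat")  # assumed blocklist

def drop_by_mailer(raw):
    """Proposed rule: drop mail whose X-Mailer claims Outlook or OE."""
    mailer = message_from_string(raw).get("X-Mailer") or ""
    return "outlook" in mailer.lower()

def drop_by_attachment(raw):
    """Content rule: drop mail with an executable-named MIME part."""
    for part in message_from_string(raw).walk():
        name = (part.get_filename() or "").lower().rstrip(". ")
        if name.endswith(EXECUTABLE_EXTS):
            return True
    return False

if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("legit", LEGIT)):
        print(label, drop_by_mailer(raw), drop_by_attachment(raw))
```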




