On Thursday 22 January 2004 8:13 am, rgreene(_at_)tclme(_dot_)org wrote:
4 - Trojans living on client PC's would be unable to spread their payload.
95% of the incoming traffic I get is due to the 'Microsft Support' worm which
harvests addresses from usenet and sends itself via the host's legitimate
outgoing MTA.
SPF would not stop this at all. I still need to AV scan unless I want my users
to have to deal with it. The only difference is that I could then be sure of
the originating domain - which means I can send a human-readable bounce back
to the sender telling them they are infected with a virus.
Since the localpart may still be forged -depending on the nature of the virus
- I would be tempted to include postmaster@ and abuse@ as recipients so that
the admins know they have a virus-infected end-user.
I would be interested in the esteemed opinions of this group on whether such
bounces would be (un)desirable in a sender-authenticated SPF world - provided
of course that some intelligent throttling is applied to prevent a deluge of
such bounces.
Possibly a system could be set-up using a central clearinghouse to coordinate
such a deluge-prevention heuristic. A single daily report sent to postmaster@
and abuse(_at_)? Blacklist those who consistently fail to clean up their act?
- Dan
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡