Re: ISP scanning for infected e-mail

From: Alun Jones [MS MVP] (alun_at_texis.com)
Date: 10/13/03 

Date: Mon, 13 Oct 2003 21:16:28 GMT

In article <MPG.19f0bdde8e9e35839897ee@msnews.microsoft.com>,
2003MS20.spam@aosake.net wrote:
>In article <tRBhb.11135$Eo2.5275@newsread2.news.atl.earthlink.net>,
>notdisclosed@mindjump.com says...
>> In the first 12 hours of Friday, 10OCT03 I received 80 notices, sent by
>> ISP's or other e-mail handlers, that an infected e-mail sent to my mailbox
>> was intercepted.
>
>Well, what do you want? For your ISP to silently drop your email? Could you
>trust your ISP to be 100% certain that the email they drop is what you
>wanted them to drop? Not I...

I think the point is that this is verifiably _not_ "your email", so yes,
silently dropping it would be a lovely thing to do. What's worse is the
third-party reports - "We received an email from someone other than you, and
it listed you in the 'to' headers, so we thought we'd advertise our virus
scanner software to you, too, just in case you didn't get enough spam as it
is".

I maintain that antivirus scanners _should_ keep people informed of what
they are doing, but the people informed should be those in a direct path of
authority to the person running the virus scanner. If I call up ISP X, and
say "you keep sending me virus reports, and I am not infected", and ISP X is
not my ISP, they have absolutely _no_ incentive to bother to click the
check-box. However, if ISP X's subscribers are reporting the presence of
virus reports over and above what is necessary, then ISP X has a very strong
reason to reduce the frequency or size of those reports - maybe even to
simply log how many viruses are being kept, or to summarise the reports.

Feedback loops work marvelously. Spraying crap to the wind, by contrast, is
only useful in agriculture.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.] 

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

Relevant Pages

  • Re: Don!
    ... It depends if the reported breaches of policy are serious or not, which is decided by the ISP. ... if one or several reports of genuinely offensive emails had been made the ISP would have withdrawn their services. ... doctor for reasons best known to him. ...
    (soc.genealogy.britain)
  • Re: Don!
    ... Because he is still using the same ISP? ... Ergo, if they have not, the implication is that the reports ... recipients of these emails knew they were not as characterised. ... He is not a *medical* doctor but is fully ...
    (soc.genealogy.britain)
  • Re: SPAMCOP reporting
    ... >>the notify and indicate that you are an innocent bystander. ... > My ISP did this and called me to advise me that my nemesis had reported ... > The problem is that I did not receive such a notification. ... notified of future reports. ...
    (comp.os.vms)
  • Re: Discover Outgoing IP address
    ... > believe) can only mean that your ISP puts it's customers inside a "Network ... >> but my router reports the range.81.105.x.x range ... >>> It would most likely mean that your WAN address that the router sees is ... If your current dns servers don't support dynamic update, ...
    (microsoft.public.windows.server.sbs)
  • Re: How can we stop the flood of SWEN E-mail??
    ... >> 'swen mails' would an ISP need to be issuing that they ... For an ISP is much cheaper to call one ... > reports with yaspi and most of them have been solved. ... someone dialing a telephone to be a telephone company ...
    (microsoft.public.security.virus)