September 25th 03, 06:46 PM
Robert Bonomi
 

In article ,
Michael A. Terrell wrote:
Chuck Harris wrote:

Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a


That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.


In this case, they don't need to search for a valid file name. All
they need to do is search for a segment of the worm that doesn't change.
Someone is doing it, I am getting messages that I was sent an E-mail with
the worm, and it was removed. I find it interesting that most of these
are from other countries, including a Russian ISP.


Which works *ONLY*AFTER* "somebody" has analyzed the virus/worm, and
determined a 'signature' for it. And *maybe* gotten one that did _not_
change between variants.



valid FROM address.


How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


I am talking about e-mail with a blank FROM: No sender is listed, no
domain, no IP address. Any e-mail missing any of these should be bounced
at the server.


WRONG. Such mails are *required* to be accepted, according to long-standing
standards. Historical reason: those messages were, traditionally, 'bounce'
messages from remote servers, that were unable to deliver a message you
sent. The 'null sender' was *deliberate* design, to prevent 'bounce of a
bounce' messages, 'bounce of a bounce of a bounce', etc.

Infected e-mail should be deleted, and a message sent to the sender
that it was infected.


If you can determine who the sender really is. Sending email messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.


They need to standardize what is required in e-mail headers. Refuse
any e-mail with an incomplete header, or with a faked domain name. If
they can maintain a black hole list for renegade ISPs, they can maintain
a database of valid E-mail domains.


Not since last week, when the registry operator for the .com and .net
domains installed 'wildcard' records that match a query for *any*
*NONEXISTENT* domain.

Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.


Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV


I would rather they look into, and solve the problems. They need to
learn how to do their jobs. They are supposed to be selling service, not
excuses.


Some things _cannot_ be done, without *completely* replacing the
infrastructure. When this involves _millions_ of machines, that are *not* under
any 'centralized' control, accomplishing such infrastructure 'replacement'
is a matter of many _years_. And, until such time as *everybody* uses the
new system, all the systems that _have_ upgraded must *still* be able to
communicate using the -old- system, in order to send to, or receive from
systems that have _not_ upgraded. And, since the 'bad guys' will *not*
convert to the new system, whereby they could be immediately identified,
there is essentially *zero*benefit* to using the 'new' system -- until that
point, *many* years down the road, when the 'old style' methodology can be
turned off. How do you convince folks to adopt 'new and different' technology,
*NOW*, that won't show appreciable benefits till, say, ten years down the
road?


You "don't know what you don't know" about how email is actually handled.
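
The null-sender rule described in the post above, as an added sketch that is not part of the original post or of any real mail server's code. It assumes the "blank FROM" in question is the SMTP envelope command `MAIL FROM:<>`; the function names and the sample address are constructed for illustration.

```python
import re

# Minimal parser for the SMTP envelope command "MAIL FROM:<reverse-path>".
# The empty reverse-path "<>" is the null sender carried by bounce messages.
MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>", re.IGNORECASE)

def parse_reverse_path(line):
    """Return the envelope sender ('' for the null sender), None if malformed."""
    m = MAIL_FROM.match(line.strip())
    return m.group(1) if m else None

def on_mail_from(line):
    """Reply a receiving server gives to the MAIL FROM command."""
    if parse_reverse_path(line) is None:
        return "501 syntax error in MAIL FROM"
    # The null sender is accepted like any other: it marks a delivery report.
    return "250 OK"

def on_delivery_failure(line):
    """Return the bounce to generate as (envelope_from, envelope_to), or None."""
    sender = parse_reverse_path(line)
    if not sender:
        # Malformed or null sender: there is nobody to notify, so a bounce
        # that itself fails is dropped instead of being bounced again.
        return None
    # The delivery report is itself sent with the null sender.
    return ("", sender)

def trace_bounces(first_mail_from, max_hops=10):
    """Count messages generated when every delivery attempt keeps failing."""
    hops, line = 0, first_mail_from
    while hops < max_hops:
        bounce = on_delivery_failure(line)
        if bounce is None:
            break
        hops += 1
        line = f"MAIL FROM:<{bounce[0]}>"
    return hops

if __name__ == "__main__":
    # Constructed sample: an ordinary message, then the bounce it triggers.
    print(on_mail_from("MAIL FROM:<>"))
    print(trace_bounces("MAIL FROM:<user@example.org>"))
```

An ordinary message that cannot be delivered produces exactly one bounce, and that bounce produces none, which is the "bounce of a bounce" loop the null sender was designed to prevent.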