September 25th 03, 06:31 PM
Robert Bonomi
 

In article , --exray-- wrote:
Chuck Harris wrote:
Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a



That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.


How are you going to determine the from address is valid? Email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


Infected e-mail should be deleted, and a message sent to the sender
that it was infected.



If you can determine who the sender really is. Sending email messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.


Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.



Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV


I'm not sure of the mechanics of how it is actually done but there are
subscription services that ISPs can use to keep their mail services
clean and updated if they choose not to do it themselves.


I _do_ know how they work.

Those services *still* let stuff leak through, when 'something new' shows up.

"Somebody" has to do an analysis, determine that it _is_ a virus/worm, and
develop a 'signature' for it, that pattern-matching routines can use to
identify subsequent instances.

The subscription services rely on *outside* specialists -- like Norton, or
McAfee -- to do that analysis, and supply the 'signatures'.

Their primary strength is 'spam' filtering, which they accomplish by noting
when the 'same' message starts showing up 'lots of places'. *BUT* the 'early
bird' instances *do* get through, before things hit the 'lots of places'
threshold.

And, there is a real risk of legitimate traffic being mis-identified as spam.


Another "I'm not sure how it works" is with Mailwasher Pro...it will not
bounce to invalid yahoo addresses. Apparently some 'trial' ping is at
work, maybe in conjunction with Yahoo???.


Nope. Some _forms_ of names are not legal/valid at yahoo. Knowing what
the rules are for 'allowed' names, one can suppress those which are
'disallowed'.

Point being that these things can be accomplished although we are at an
early stage of seeing it actually happen.


Without a _complete_ redesign/replacement of the basic mail-transport protocol,
it is simply _not_possible_ to check for a valid 'From' address at the point
of receipt. *NOR* to tell authoritatively where it _actually_ came from.
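
The 'lots of places' threshold described in the post above, sketched as an added example (not part of the original post, and not any real filtering service's code). The threshold of 3, the normalisation, the site names and the sample messages are constructed assumptions. It shows the early instances being delivered before the count is reached, and a legitimate mailing that reaches many sites being flagged the same way.

```python
import hashlib
import re
from collections import defaultdict

THRESHOLD = 3  # assumed: distinct receiving sites before a message counts as bulk


def fingerprint(body: str) -> str:
    """Hash the body after lowercasing, masking digit runs and collapsing whitespace."""
    norm = re.sub(r"\d+", "#", body.lower())
    norm = re.sub(r"\s+", " ", norm).strip()
    return hashlib.sha256(norm.encode("utf-8")).hexdigest()


class BulkDetector:
    """Counts how many distinct sites have reported the 'same' message."""

    def __init__(self, threshold: int = THRESHOLD):
        self.threshold = threshold
        self.sites = defaultdict(set)  # fingerprint -> set of reporting sites

    def check(self, site: str, body: str) -> str:
        fp = fingerprint(body)
        self.sites[fp].add(site)
        # Nothing is flagged until enough separate sites have seen it.
        return "flag" if len(self.sites[fp]) >= self.threshold else "deliver"


# Constructed sample traffic, in arrival order: (receiving site, message body)
SAMPLE = [
    ("isp-a.example", "Limited offer, reply today. Ref 1001"),
    ("isp-b.example", "Limited offer,  reply today. Ref 1002"),
    ("isp-c.example", "limited offer, reply today. ref 1003"),
    ("isp-d.example", "Limited offer, reply today. Ref 1004"),
    ("isp-a.example", "Club newsletter: meeting Tuesday"),
    ("isp-b.example", "Club newsletter: meeting Tuesday"),
    ("isp-c.example", "Club newsletter: meeting Tuesday"),
]


def run(sample=SAMPLE):
    """Return the verdict for each message in arrival order."""
    det = BulkDetector()
    return [det.check(site, body) for site, body in sample]


if __name__ == "__main__":
    for (site, body), verdict in zip(SAMPLE, run()):
        print(f"{verdict:8} {site:15} {body}")
```

The first two copies of the bulk message are delivered before the count reaches the threshold, and the third copy of the newsletter is flagged even though it is legitimate.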