Mike Knudsen wrote:

So, I get a lot of short spam mails with attachments, delete them un-opened and
unread, and the big downloads never happen. Of course, those attachments had
to move over hte Internet and get stored in AOL's disk farm -- butnot on MY
nickel.
73, Mike K.

Thats still not much fun if you were to be getting 200 per hour like
some guys are reporting and STILL have to manually delete them.
Not to be tooting anybody's horn but I just got a 'newsletter' from
Mailwasher saying that they can now accomodate AOL email with their
latest edition.
Hopefully this whole exercise will be an impetus for the backwards/cheap
ISPs to get some state-of-the-art filtering in place as well as
user-enabled filters.
Although the savvy users may go elsewhere I suspect that there's a lot
of 'sheeple' who will stick with their crappy ISP in spite of the
annoyance simply because they don't know it can be better. I'm kinda of
in a tossup trying to decide whether or not this is the responsibility
of the ISP or the end user but in a massive case like this one i'd have
to put the onus on the ISP to NOT pass this crap on to their users.
Thats irresponsible and bad business and is basically what causes the
whole worm to continue regenerating.

-Bill

--exray-- wrote:

Mike Knudsen wrote:

So, I get a lot of short spam mails with attachments, delete them un-opened and
unread, and the big downloads never happen. Of course, those attachments had
to move over hte Internet and get stored in AOL's disk farm -- butnot on MY
nickel.
73, Mike K.

Thats still not much fun if you were to be getting 200 per hour like
some guys are reporting and STILL have to manually delete them.
Not to be tooting anybody's horn but I just got a 'newsletter' from
Mailwasher saying that they can now accomodate AOL email with their
latest edition.
Hopefully this whole exercise will be an impetus for the backwards/cheap
ISPs to get some state-of-the-art filtering in place as well as
user-enabled filters.
Although the savvy users may go elsewhere I suspect that there's a lot
of 'sheeple' who will stick with their crappy ISP in spite of the
annoyance simply because they don't know it can be better. I'm kinda of
in a tossup trying to decide whether or not this is the responsibility
of the ISP or the end user but in a massive case like this one i'd have
to put the onus on the ISP to NOT pass this crap on to their users.
Thats irresponsible and bad business and is basically what causes the
whole worm to continue regenerating.

-Bill

They should scan every received e-mail for virus or worms, and a
valid FROM address.

Infected e-mail should be deleted, and a message sent to the sender
that it was infected.

Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.
--


Michael A. Terrell
Central Florida

--exray-- wrote:

Mike Knudsen wrote:

So, I get a lot of short spam mails with attachments, delete them un-opened and
unread, and the big downloads never happen. Of course, those attachments had
to move over hte Internet and get stored in AOL's disk farm -- butnot on MY
nickel.
73, Mike K.

Thats still not much fun if you were to be getting 200 per hour like
some guys are reporting and STILL have to manually delete them.
Not to be tooting anybody's horn but I just got a 'newsletter' from
Mailwasher saying that they can now accomodate AOL email with their
latest edition.
Hopefully this whole exercise will be an impetus for the backwards/cheap
ISPs to get some state-of-the-art filtering in place as well as
user-enabled filters.
Although the savvy users may go elsewhere I suspect that there's a lot
of 'sheeple' who will stick with their crappy ISP in spite of the
annoyance simply because they don't know it can be better. I'm kinda of
in a tossup trying to decide whether or not this is the responsibility
of the ISP or the end user but in a massive case like this one i'd have
to put the onus on the ISP to NOT pass this crap on to their users.
Thats irresponsible and bad business and is basically what causes the
whole worm to continue regenerating.

-Bill

They should scan every received e-mail for virus or worms, and a
valid FROM address.

Infected e-mail should be deleted, and a message sent to the sender
that it was infected.

Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.
--


Michael A. Terrell
Central Florida

Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a

That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.

How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


Infected e-mail should be deleted, and a message sent to the sender
that it was infected.

If you can determine who the sender really is. Sending email messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.

Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.

Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV

Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a

That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.

How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


Infected e-mail should be deleted, and a message sent to the sender
that it was infected.

If you can determine who the sender really is. Sending email messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.

Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.

Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV

Chuck Harris wrote:
Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a


That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.

How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


Infected e-mail should be deleted, and a message sent to the sender
that it was infected.


If you can determine who the sender really is. Sending email messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.


Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.


Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV


I'm not sure of the mechanics of how it is actually done but there are
subscription services that ISPs can use to keep their mail services
clean and updated if they choose not to do it themselves.
Another "I'm not sure how it works" is with Mailwasher Pro...it will not
bounce to invalid yahoo addresses. Apparently some 'trial' ping is at
work, maybe in conjunction with Yahoo???.
Point being that these things can be accomplished although we are at a
early stage of seeing it actually happen.
-Bill

Chuck Harris wrote:
Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a


That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.

How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


Infected e-mail should be deleted, and a message sent to the sender
that it was infected.


If you can determine who the sender really is. Sending email messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.


Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.


Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV


I'm not sure of the mechanics of how it is actually done but there are
subscription services that ISPs can use to keep their mail services
clean and updated if they choose not to do it themselves.
Another "I'm not sure how it works" is with Mailwasher Pro...it will not
bounce to invalid yahoo addresses. Apparently some 'trial' ping is at
work, maybe in conjunction with Yahoo???.
Point being that these things can be accomplished although we are at a
early stage of seeing it actually happen.
-Bill

In article , "Michael A. Terrell"
writes:

They should scan every received e-mail for virus or worms, and a
valid FROM address.

Yes, no reason a server like AOL can't do this (maybe they do -- I don't get
anything like 200 per day, let alone per hour of Spam).

Infected e-mail should be deleted, and a message sent to the sender
that it was infected.

No, don't send the recipeint an email for every one that was deleted -- as
someone already noted, that is a PITA in itself. Perhaps every 24 hours the
ISP could send the recipeint a list/log of deleted messages.

Oops, you said back to the *sender*. Well, if it's an invalid Spam address,
that won't do anything but clog up the network further. If it is valid, it's
just a waste of BW, and may help the spammer fine-tune his text to get thru the
filter next time.

OK, if it's *infected*, may be good to notify the sender, who may be an
innocent victim whose machine has been taken over. I'll buy into that.

Earthlink delivers E-mail with no FROM: information in the header.
If an ISP can't do this much, they need to go out of business.

Boooo! Agreed. --Mike K.


Oscar loves trash, but hates Spam! Delete him to reply to me.

In article , "Michael A. Terrell"
writes:

They should scan every received e-mail for virus or worms, and a
valid FROM address.

Yes, no reason a server like AOL can't do this (maybe they do -- I don't get
anything like 200 per day, let alone per hour of Spam).

Infected e-mail should be deleted, and a message sent to the sender
that it was infected.

No, don't send the recipeint an email for every one that was deleted -- as
someone already noted, that is a PITA in itself. Perhaps every 24 hours the
ISP could send the recipeint a list/log of deleted messages.

Oops, you said back to the *sender*. Well, if it's an invalid Spam address,
that won't do anything but clog up the network further. If it is valid, it's
just a waste of BW, and may help the spammer fine-tune his text to get thru the
filter next time.

OK, if it's *infected*, may be good to notify the sender, who may be an
innocent victim whose machine has been taken over. I'll buy into that.

Earthlink delivers E-mail with no FROM: information in the header.
If an ISP can't do this much, they need to go out of business.

Boooo! Agreed. --Mike K.


Oscar loves trash, but hates Spam! Delete him to reply to me.

In article , --exray-- wrote:
Chuck Harris wrote:
Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a


That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.

How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


Infected e-mail should be deleted, and a message sent to the sender
that it was infected.


If you can determine who the sender really is. Sending email messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.


Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.


Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV


I'm not sure of the mechanics of how it is actually done but there are
subscription services that ISPs can use to keep their mail services
clean and updated if they choose not to do it themselves.

I _do_ know how they work.

Those services *still* let stuff leak through, when 'something new' shows up.

"Somebody" has to do an analysis, determine that it _is_ a virus/worm, and
develop a 'signature' for it, that pattern-matching routines can use to
identify subsequent instances.

The subscription services rely on *outside* specialists -- like Norton, or
MacAfee -- to do that analsysis, and supply the 'signatures'.

Their primary strength is 'spam' filtering, which they accomplish by noting
when the 'same' message starts showing up 'lots of places'. *BUT* the 'early
bird' instances *do* get through, before things hit the 'lots of places'
threshold.

And, there is a real risk of legitimate traffic being mis-identified as spam.


Another "I'm not sure how it works" is with Mailwasher Pro...it will not
bounce to invalid yahoo addresses. Apparently some 'trial' ping is at
work, maybe in conjunction with Yahoo???.

Nope. Some _forms_ of names are not legal/valid at yahoo. knowing what
the rules are for 'allowed' names, one can suppress those which are
'disallowed'.

Point being that these things can be accomplished although we are at a
early stage of seeing it actually happen.

Without a _complete_ redesign/replacement of the basic mail-transport protocol,
it is simply _not_possible_ to check for a vaild 'From' address at the point
of receipt. *NOR* to tell authoritatively where it _actually_ came from.