Re: virus handling

["Mike Healan" <mike () spywareinfo com>]

> 3.1.1.) Abuse Role Account
> Providers should provide an adequately stuffed abuse role account

Typo: "stuffed" > "staffed"

> 3.1.2.) e-mail Alias and Web-Interface
> Additionally providers should provide e-mail aliases for the IP
> addresses of their customers (eg. customer at 127.0.0.1 can be reached
> via 127.0.0.1 () provider com) or a web interface with similiar
> functionality. The latter should be provided when dynamically assigned
> IP addresses are used for which an additional timestamp is required.


I would disagree with 3.1.2. Otherwise you could end up with direct
marketing companies such as Doubleclick harvesting the IP addresses
accessing their banner ads and then sending UCE to those people. Or for
that matter, it could lead to a mass attack with someone sending UCE to
every IP address allocated to an ISP. *Someone* probably will be using
that IP and spammers clearly don't care who sees their spam.

Otherwise I entirely agree with this. Bouncing a virus-infected email is
worse than useless. It is active participation in the distribution of
the worm and the damage to networks it is causing.

Regards,

Mike Healan
Editor
www.spywareinfo.com

----- Original Message ----- 
From: "Thomas Zehetbauer" <thomasz () hostmaster org>
To: <bugtraq () securityfocus com>
Sent: Wednesday, January 28, 2004 10:45 AM
Subject: RFC: virus handling