[clug] [AUSCERT ALERT - Email worm W32.Beagle.A/Win32.Bagle.A]

Damien Elmes clug at repose.cx
Mon Jan 19 09:45:11 GMT 2004


Nemo -earth native- <nemo at nut.house.cx> writes:

> Back to the original point, there is also an element of selfishness I
> admit. If someone is going to be annoyed by either a bounce or a
> notification, then since (imho) most of these are worms, it's better to
> not annoy my paying customers.

And instead annoy random people on the internet! I can appreciate the
desire to please the customers over strangers, but this has to be
balanced against the impact on the global community.

My experience has been the reverse of yours - the majority of spam I
get is caught by spam filtering software and is marked as so. "The
message you (didn't) send was blocked" messages tend to creep through
since they don't look like spam, and they prove to be a big annoyance.

> More pragmatically, if we notified the recipient on every catch, then
> they'd have to manually contact the sender to send it through via a
> loophole anyways - by rejecting back to the sender, we've automatically
> done the customers job for them on 'real' attachments.

But the sender may be wary of taking action based on advice from an
automated system. And your system prevents the recipient from ever
being aware of the missed mail (to "not annoy them"), and this could
prove to be a big problem if they're waiting for a particular message
and time is of the essence.

Your approach certainly saves the customer time, but whether this
leads to a happier customer is not clear cut. Some customers would
prefer a reminder that they are protected from the nasties of the
internet, and would not want to move to a system where they could be
unaware of emails which had been sent to them.

Cheers,
-- 
Damien Elmes


More information about the linux mailing list