Paul Koning <pkoning@equallogic.com> writes:
Perry> However, those of us who run mailing lists find that although
Perry> anyone "can" forge a list member's address, it is almost
Perry> unheard of that it actually happens. Restricting my lists to
Perry> subscribers only has eliminated 100% of the spam going to
Perry> them.
That certainly would not be true for the IPsec list -- I've looked
over enough IPsec message headers to say that. For IPsec, the
percentage of forged addresses is clearly quite large.
Not if you exclude viruses. The amount of spam from forged addresses
is nil -- the virus activity is separate.
However, the viruses are trivially blocked with a rule matching a
regular expression like this:
/^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|cpl|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|rar|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip)/
My machines block all email matching that regexp and as a result I
see no viruses at all.
What I'm seeing is that all the virused emails are being detected (by a
Gauntlet firewall) and I'm just getting reports about the virus being
removed. IT says we don't run the firewall. My guess is that it's
been checked before it reaches the IETF list server. The emails I've
looked at are coming from valid addresses and are addressed to the
tislab list address.
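
The attachment-name rule quoted above, applied to a few header lines, as an added example that is not part of the original thread. The pattern is copied from the message; unfolding continuation lines and matching case-insensitively are assumptions about how a mail filter would apply it, and the sample headers and function names are constructed for illustration.

```python
import re

# Pattern copied from the message above. IGNORECASE is an assumption of this
# example: attachment names arrive in any letter case.
BLOCK_RE = re.compile(
    r'^Content-(Type|Disposition):.*(file)?name=.*\.'
    r'(asd|bat|chm|cmd|com|cpl|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|rar|scr|shb|'
    r'shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip)',
    re.IGNORECASE,
)

def unfold(raw):
    """Join folded header lines (continuations start with space or tab)."""
    logical = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line)
    return logical

def blocked_headers(raw):
    """Return the logical header lines the rule would reject."""
    return [h for h in unfold(raw) if BLOCK_RE.search(h)]

def verdict(raw):
    return "REJECT" if blocked_headers(raw) else "OK"

# Constructed sample headers, not taken from real list traffic.
SAMPLES = {
    "exe attachment": 'Content-Type: application/octet-stream; name="update.exe"\n',
    "folded, upper-case": 'Content-Disposition: attachment;\n\tfilename="PHOTO.SCR"\n',
    "plain text": 'Subject: agenda\nContent-Type: text/plain; charset="us-ascii"\n',
    "pdf attachment": 'Content-Disposition: attachment; filename="agenda.pdf"\n',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:20} {verdict(raw)}")
```

Because the pattern has no anchor after the extension, it also rejects any name that merely contains one of the listed extensions after a dot, and it rejects every .zip and .rar attachment regardless of content.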