lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Jan 2004 15:33:36 -0500
From: "Mike Healan" <>
To: "Thomas Zehetbauer" <>,
Subject: Re: virus handling

> 3.1.1.) Abuse Role Account
> Providers should provide an adequately stuffed abuse role account

Typo: "stuffed" > "staffed"

> 3.1.2.) e-mail Alias and Web-Interface
> Additionally providers should provide e-mail aliases for the IP
> addresses of their customers (eg. customer at can be reached
> via or a web interface with similiar
> functionality. The latter should be provided when dynamically assigned
> IP addresses are used for which an additional timestamp is required.

I would disagree with 3.1.2. Otherwise you could end up with direct
marketing companies such as Doubleclick harvesting the IP addresses
accessing their banner ads and then sending UCE to those people. Or for
that matter, it could lead to a mass attack with someone sending UCE to
every IP address allocated to an ISP. *Someone* probably will be using
that IP and spammers clearly don't care who sees their spam.

Otherwise I entirely agree with this. Bouncing a virus-infected email is
worse than useless. It is active participation in the distribution of
the worm and the damage to networks it is causing.


Mike Healan

----- Original Message ----- 
From: "Thomas Zehetbauer" <>
To: <>
Sent: Wednesday, January 28, 2004 10:45 AM
Subject: RFC: virus handling

Powered by blists - more mailing lists