[SpamCop-Geeks] Re: How to handle viral email
nobody at devnull.spamcop.net
Fri Dec 16 10:50:30 EST 2005
"G" <gregstigers+msnews at spamcop.net> wrote in message
news:dnuhf7$ru2$1 at news.spamcop.net...
: I'm curious what others would do in my situation. I've figured out how I can
: try to find the sender of a viral email, which I should disclaim may be
: useless to identify dial-up users, although if they send a
: from their transient IP address, I have them. With the IP address in the
: header, which I also ping and tracert, I create a rule in Outlook to alert
: on any email with that IP address in the header, which I do not
: enable, but do "Run now".
: That said, having identified an infected user, or his or her
: what? Who do we notify, and how?
: The two options are being discussed. One is to have our recipient notify the
: sender that his or her PC is infected, and let the user seek
: can be had from IT. The other is for me as the system admin to
: identify the IT contact by whois or other means, or contact the
: user, at my discretion, offering the emails as evidence, and some level of
: assistance. There are probably other options, and I would
: There is also the question of where to draw the line. Do we assume that our
: AV is sufficient, and only respond if an affected user
: receiving the denatured viral email? Do we only notify business
: and for instance wash our hands of the problem if the infected sender is a
: friend, relative, or incidental business contact with whom we
: particular relationship (with a shrug to all those vendors who
: contacted us on their own initiative)?
: Greg Stigers
: I hope this is the appropriate forum for this one
I'm not sure why the question; it seems like, if it were me, I
would (and do):
IFF I am certain I have the actual sender & it's not forged,
Notify the sender AND the sender's server administrator (ISP,
whatever), request a response for when the situation gets fixed,
and then block that address until the response is received.
Period; no exception.
Nothing wrong with advising how to use alternate email routes,
etc., in the notifications, especially if it's a preferred
customer. If it's a customer, a phone call might be in order so
as to prevent surprises. They will likely be grateful to know
they are infected. Lots of ways to be nice about it and to look
like the great business they know you are. Unless you're not.
The only other alternative I see is to ignore it and do nothing.
And if this is a business, start limiting personal usage of the
system as much as reasonable. Email is not/should never be, the
ONLY functional means of contact.
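
Added example, not part of the original post: one way to decide which "IP address in the header" can be treated as not forged before notifying or blocking anyone. It trusts only Received lines written by your own relays; the relay names and addresses (`OUR_HOSTS`, `OUR_IPS`) and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumptions for this example: names and addresses of our own mail relays.
OUR_HOSTS = {"mx.example.com", "mailstore.example.com"}
OUR_IPS = {"192.0.2.10"}

# Constructed sample (documentation addresses). Newest Received line is on top.
SAMPLE = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
\tby mailstore.example.com with ESMTP id A1; Fri, 16 Dec 2005 10:40:02 -0500
Received: from dialup-77.isp.example.net (unknown [203.0.113.77])
\tby mx.example.com with SMTP id B2; Fri, 16 Dec 2005 10:40:01 -0500
Received: from mail.bank.example.org ([198.51.100.5])
\tby dialup-77.isp.example.net with SMTP; Fri, 16 Dec 2005 10:39:00 -0500
From: someone@bank.example.org
Subject: constructed sample

body
"""

# "from <helo> (<rdns> [<ip>])": the bracketed IP is what the receiver saw.
FROM_RE = re.compile(r"from\s+(\S+)\s*\([^()\[\]]*\[([0-9a-fA-F.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def connecting_ip(raw_message):
    """Return (ip_that_connected_to_our_edge, ips_from_unverifiable_headers)."""
    msg = message_from_string(raw_message)
    edge_ip, unverified, inside = None, [], True
    for value in msg.get_all("Received", []):
        peer, by = FROM_RE.search(value), BY_RE.search(value)
        ip = peer.group(2) if peer else None
        by_host = by.group(1).lower() if by else None
        if inside and by_host in OUR_HOSTS and ip:
            # Written by one of our relays, so the recorded peer IP is reliable.
            if ip not in OUR_IPS:
                edge_ip, inside = ip, False  # first hop from outside our network
        else:
            # Everything below the edge was supplied by the sending side.
            inside = False
            if ip:
                unverified.append(ip)
    return edge_ip, unverified

if __name__ == "__main__":
    print(connecting_ip(SAMPLE))
```

Only the first returned value is suitable for a whois lookup, a notification, or a block; the second list is whatever the sending machine chose to write.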