On Tue, 28 Dec 2004, Daniel J McDonald wrote: > That's still back-scatter, just one relay removed. If Lucy is infected, > and sends mail with Mary's return address through Lucy's usual mail > relay, then when the relay gets a 554 it will send the DSN back to Mary, > often including the virus. Mary then gets infected and starts sending > mail with Joe's return address....
That's back-scatter on the part of Lucy's mail server, which should either have a virus scanner, not be accepting mail with forged return addresses, or both. Frankly I've not heard anyone define back-scatter this way - that the scatter is MY fault if I return a 550 at my gateway. Pardon me if I'm confusing a discussion here with something from either the spamassassin or SPAM-l lists, but every discussion I've read says that returning a 550 at your gateway is the prefered method, as it blocks actual bad stuff, while returning an error to the actual sender of a false positive. And while few and few between, clam does get some FPs. ========================================================== Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
