[Esa-l] SECURITY_NOTIFY_RECIPIENT

Andre Kajita - Administrador da Rede admin at camarasjc.sp.gov.br
Wed Apr 18 04:18:48 PDT 2001


Greets list,

> It's good PR to let the intended recipient know that you've blocked
> malware. But don't expect the recipient to be able to glean much from
> those headers.

I've found the contrary to be better - not for PR's sake of course, but
for my sanity's sake.  It so happens that most users (or lusers if you
prefer) have no idea what the notification email means - they just
assume that somebody's sending them something that you don't want them
to receive (that's what happened in my case even with a VERY detailed
explanation of the filter).  This happened to me during the first
months of using John's filter - people would call me VERY upset
complaining that I had no right to block off their attachments.  It so
happens that they were receiving a bunch of macro viruses and trojans
but they didn't care - they wanted them!

So, to smooth things out, I posted the poisoned files list on my
intranet ("These are prohibited files and extensions, you won't
receive them") and removed the notification email and things are
working fine.  Nobody knows what's being blocked and so most people
really don't care anymore.

BTW, I've received a complaint that user's friends had "snow white
porn" and when he forwarded the file to him it was never received...
:)

Andre.
-- 
"All Your Base Are Belong to Us"
"What You Say?"
--
Andre Kajita - Administrador da Rede <admin at camarasjc.sp.gov.br>
Camara Municipal de Sao Jose dos Campos - SP
http://www.camarasjc.sp.gov.br


