Re: [SAGE] tainted sage-members email

[Trey Harris <trey@sage.org>]

In hopes of quelling the inundation of emails I'm getting on this...

Yes, I know about the spam sent under my address.  No, I didn't send it
out, intentionally or otherwise.  I don't use Microsoft mail products or
OS's for my mail reading.  The virus that sent this out is somewhat more
clever than others in picking spoofed From: addresses.  It was sheer luck
that it happened to hit a mailing list with a spoofed address (mine) that
was actually a subscriber to that list (sage-members) so that moderation
was bypassed.

As for all the automated responses I've received: it seems to me that
informing a spoofed user that they are being spoofed is arguably a
reasonable thing to do (I say "arguably", though, because lacking a
centralized authority for such activity, these emails could easily open an
avenue for a personalized DoS), but informing them that they're infected
with a virus is not--because it's not necessarily true.  If you have
control over the text of your automated messages, you may want to edit
them to make them more clear, lest you send people who are merely innocent
bystanders into a panic.  The probability is that a given email addresses
is not being read by a technically savvy person. :-)

(I'm well aware that those reading mail behind the more draconian
auto-updating filters probably are not seeing this message, and will
possibly never see another message from me again.  Regrettable, but short
of only using non-respondable mail addresses, which I consider an
abominable capitulation to the status quo, there's really no way for
anyone to protect themselves from this sort of malicious activity.)

-- 
Trey Harris
Vice President
SAGE -- The System Administrators Guild (www.sage.org)
Opinions above are not necessarily those of SAGE.