Three quick questions about email & viruses

losing business contacts? Need for ISP virus filter?

         

zollerwagner

6:10 pm on May 4, 2004 (gmt 0)

10+ Year Member



A client has Norton Antivirus and says he updates the definitions daily. He has also signed up for virus scanning by his ISP. This service simply sends him a notification whenever it encounters a virus. He doesn't get to see the text, but he does get the sender's email address.

1) His first question was: "Could I be missing out on important business contacts?" He's wondering if he should send an email to each address.

Frankly, I don't think there's much chance of missing potential clients. I've never had a real email come to me infected with a virus. They've all been fake emails, excuses to send the virus. So, this sounds like wasted work and worry. What do you all think?

2) His second question was whether his computer could get infected by simply reading an email. I think I recall that some viruses don't come via attachments. (And some virus threats don't involve email at all.) Would I be right in saying: "Yes, reading email is a vulnerability, but not the only one."

Furthermore, I'm assuming that having an anti-virus program in place will stop the vast majority of these threats. Is any of this thinking wrong?

3) My additional question is: "Is there any advantage to having his ISP filter out virus-bearing emails?" As I said, he already has Norton Antivirus and says he updates the definitions daily. I've never had any problem just relying on Norton. Isn't this overkill?

I suppose that there is always a small chance that a new virus will hit your computer before Norton comes up with a test and fix for it, so the double protection might help, but how likely is it that another company would be faster than Norton?

Yidaki

6:33 pm on May 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not sure if my answer is what you / your client wants to hear but if your client is really concerned about email viruses he should buy a mac. Seriously.

>Could I be missing out on important business contacts?

I doubt it. We receive many, many infected emails from many, many clients but all infected emails are sent without their knowledge and not attached to inquiries etc. It doesn't matter anyway - if an email carries a virus, it's for the bin. No matter what the actual content of the message is.

>whether his computer could get infected by simply reading an email

I'm not sure - I'm not using any windoze machine. From reading the daily virus / exploit alerts I'd say, yes - it's possible.

>Is there any advantage to having his ISP filter out virus-bearing emails?

Yes. As long as the ISP know what they do and use up-to-date virus definitions it's pretty comfortable to have the emails killed before they are delivered. Save bandwidth, processing power, storage ... and I wouldn't even want a notification.

Res_Ipsa

6:59 pm on May 4, 2004 (gmt 0)

10+ Year Member



I recommend Ad-aware and Spysweeper, in addition to Norton, for spyware, parasites, etc. Also, regarding the Sasser worm, I don't believe that there is a patch for Microsoft Windows 2000 Professional SP1. If your machine is vulnerable to Sasser and the OPS is Windows 2000 Professional, make sure it's SP2 or higher and download the patch.

I'm not the most computer savvy person on this board, but I speak from 3 weeks of experience (an unwanted toolbar that affected browsing certain web sites; Gaobot worm that modified HOST file; and Sasser).

SEOMike

7:03 pm on May 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>1) His first question ... He's wondering if he should send an email to each address.

Do this and a couple of things may happen, he may get more SPAM (due to catch-alls) and viruses, and most likely, he will receive an "undeliverable" message because most of the addresses in viruses are spoofed anyway.

>2) His second question was whether his computer could get infected by simply reading an email.

Yes, he can. The most likely culprit of this kind of infection would be malicious code inside an HTML email. Two suggestions at stopping that: Keep WIN up to date with all the latest patches (most of the problems from HTML emails will result in a browser hijacking or something like that), and only allow plain text emails.

>3) My additional question is: "Is there any advantage to having his ISP filter out virus-bearing emails?"

I agree with Yidaki in the fact that if everything is done right, it's probably better that way. To ease his mind on the ISP filter, you might have him ask who provides their virus protection. I know Norton has an Enterprise solution, as I am looking at doing it for my 20k or so email clients. We are NOT going to send notification to OUR users that an infected file was blocked, but we are going to notify the SENDER in case it's a valid email. I don't really care about rejected emails or spam, because it'll be from an account that is regularly dumped, never read.

Tropical Island

8:31 pm on May 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>but we are going to notify the SENDER in case it's a valid email.

Don't.

You will just be adding to the problem.

Nowadays viruses do not come from genuine e-mail addresses - they are all spoofed. Our mail box is loaded every day with companies advising us that we sent out a virus when we didn't. It just adds to the SPAM overload.
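The point raised in the posts above (infected mail carries spoofed sender addresses, so "you sent a virus" notices land on innocent third parties) can be turned into a filter rule. This is an added example, not code from any poster or product in the thread; it assumes the receiving server stamps an `Authentication-Results` header with an SPF verdict, a mechanism the thread does not mention, and the host name `mx.isp.example`, the action names and the sample messages are constructed.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

AUTHSERV_ID = "mx.isp.example"  # assumption: name our own border MTA writes

def domain_of(addr):
    """Lower-cased domain part of an address header value ('' if none)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def spf_pass_domain(msg):
    """Domain our own MTA recorded as spf=pass for the envelope sender, else None."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(value).split(";")]
        if not parts[0] or parts[0].split()[0].lower() != AUTHSERV_ID:
            continue  # stamped by another host: forgeable, so ignored
        for res in parts[1:]:
            m = re.match(r"spf=pass\b.*?\bsmtp\.mailfrom=(\S+)", res, re.I | re.S)
            if m:
                return m.group(1).rpartition("@")[2].lower()
    return None

def infected_mail_action(raw):
    """Decide what to do with a message the scanner has flagged as infected."""
    msg = message_from_bytes(raw, policy=policy.default)
    verified = spf_pass_domain(msg)
    if verified and verified == domain_of(str(msg.get("From", ""))):
        return "notify-sender"       # sender address was verified at SMTP time
    return "quarantine-no-bounce"    # unverified: a notice would be backscatter

# Constructed sample messages (not real traffic).
BODY = b"Subject: Re: your document\n\nsee attachment\n"
SPOOFED = (b"Authentication-Results: mx.isp.example; spf=fail "
           b"smtp.mailfrom=victim@customer.example\n"
           b"From: Victim <victim@customer.example>\n" + BODY)
FORGED_STAMP = (b"Authentication-Results: mx.attacker.example; spf=pass "
                b"smtp.mailfrom=victim@customer.example\n"
                b"From: victim@customer.example\n" + BODY)
GENUINE = (b"Authentication-Results: mx.isp.example; spf=pass "
           b"smtp.mailfrom=alice@customer.example; dkim=none\n"
           b"From: Alice <alice@customer.example>\n" + BODY)

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("forged stamp", FORGED_STAMP),
                      ("genuine", GENUINE)]:
        print(name, "->", infected_mail_action(raw))
```

Only the message whose sender domain was verified by the receiving server itself produces a notice; everything else is held without generating new mail to an address the sender may not own.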

SEOMike

4:03 pm on May 5, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>You will just be adding to the problem. Nowadays viruses do not come from genuine e-mail addresses

I understand. That's a concern of mine too. I know most viruses come from spoofed addresses.

Problem is, we have to satisfy our clients. The ones we surveyed in research to help determine features to roll out wanted someone to know that a virus infected email was rejected, preferably the sender, and they classified it as a very important feature.

I understand that most clients are un / undereducated with this regard, but we don't want to roll something out that our clients will reject and go elsewhere.

Catch 22.

zollerwagner

4:35 pm on May 5, 2004 (gmt 0)

10+ Year Member



Thanks to all for your comments. That was helpful!

Tropical Island

5:24 pm on May 5, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>Catch 22.

Why not ask the client to show you one e-mail virus that can be tracked back to a customer in the last 6 months. If he can then include it - if not exclude the return advice e-mails.

The situation is so bad these days that we are getting valid e-mails that we send out rejected by ISPs like AOL and others because they can't distinguish between spoofed addresses and real mail.

SEOMike

5:42 pm on May 5, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>The situation is so bad these days that we are getting valid e-mails that we send out rejected by ISPs like AOL and others because they can't distinguish between spoofed addresses and real mail.

Why are they rejecting based on email address? That doesn't sound like a very good idea. I have only seen this in rare instances when a domain gets dubbed a spammer, or a sender of a large number of viruses, (by accident of course) but it affected the whole domain, not just a single address.

I'd be interested to hear what prompted them to reject your emails based on your addresses.

As for valid emails getting through with a virus attached, you're right. The instance is so rare that it shouldn't even be an issue to our clients. But, when one email can generate $15k+, it becomes one.

Any advice on how to handle this would be appreciated. I have weighed all options that I can think of.

zollerwagner

8:38 pm on May 5, 2004 (gmt 0)

10+ Year Member



I can't address Tropical Island's experience, but I do know that valid emails from a forum on one of my sites are being rejected from time to time as spam, especially by AOL. I think that was partly because the host's upline supplier was on some sort of black list which AOL refused to update.

But even my own father-in-law wasn't getting my emails through AOL because he hadn't put my address on his accepted list.

This is a case of the cure being worse than the disease.

If this kind of thing continues, email may become worthless. It's already unreliable.

SEOMike

9:49 pm on May 5, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>...upline supplier was on some sort of black list which AOL refused to update.

That's just like the instance I came across.

>This is a case of the cure being worse than the disease.

In this case I agree to a point. An entire ISP should not be punished for one user's Spamming. Unfortunately, Spam is getting to be such a problem, that the solutions are becoming more radical. My spam blocker catches 200-300 emails a day from getting to my inbox. It all started because one can only stand so many offers for Viagra before they get REALLY mad and start to implement systems to stop the flood. Round and round we go with the spammers as they learn ways to get through the filters, and the final solution seems to be to block ALL mail from a certain offender's ISP.

ANYWAY... I guess you are implying that if I got a ton of viruses from a certain ISP, sent replies to them saying their email was blocked, I could end up hurting myself and getting my IP banned from sending email to them altogether.

Interesting...

zollerwagner

1:13 am on May 6, 2004 (gmt 0)

10+ Year Member



>I guess you are implying that if I got a ton of viruses from a certain ISP, sent replies to them saying their email was blocked, I could end up hurting myself and getting my IP banned from sending email to them altogether.

I can't claim to have figured that out, but it sounds possible.

I'm hoping that once we have email clients that can check for faked sending addresses, we'll be a little closer to solving the spam problem.

zollerwagner

1:37 am on May 7, 2004 (gmt 0)

10+ Year Member



Funny how this works. I got an email newsletter today reporting on research that says that sending email notification for failed delivery of emails could be used by hackers to attack a network.

This was in an Experts-Exchange newsletter dated May 4, 2004. The original article was "Return to Sender" by Hank Hogan, dated 27 Apr 2004 in Security Wire Perspectives. There are recommendations for avoiding this attack.

This might be just the justification seoMike needs. No client is going to want to leave themselves open to attack!

I hope it's okay to post the url. The specific article is here: [searchsecurity.techtarget.com...]

decaff

1:23 pm on May 7, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Our experience with the AOL problem has been that AOL users tend to be trigger happy when reporting SPAM (or what they perceive as SPAM...) they have the option to report suspicious activity in their inbox...and many times they simply are lazy and don't want to deal with the fact that real spammers love to hit addresses like AOL/HOTMAIL and the like..and if your order confirm or follow-up email gets mixed in with a SPAM report from one or more AOL users...you could get banned...
Several months back we had to step through the re-negotiation process between our ISP and AOL so that our 2 boxes (IP numbers and associated email addresses from our Web sites) would be able to send email to AOL addresses..
We do substantial business with the AOL community...so you can bet we want to remain on good terms...

SEOMike

1:40 pm on May 7, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



zollerwagner-

Thanks for posting the article! That's great! I will use that and related research to justify why we won't send notification to people regarding an infected email. And it's making me re-think our NDN's too.

Thanks a ton!

Oh and zollerwagner, your next post will make you a Full Member. Congratulations!

ergophobe

4:32 pm on May 7, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month




>Why are they rejecting based on email address? That doesn't sound like a very good idea. I have only seen this in rare instances when a domain gets dubbed a spammer,

It can't be that rare, since it's happened to me a couple of times. Any system that uses an open relay will eventually get spoofed and then blocked. My employer finally started using SSL authentication and has gotten its servers off the blacklists. To do so, however, they had to abandon their old SMTP addresses, switch us over to new ones and so on and so forth. And we're talking about 60,000 addresses, since it's a large university.

It also happened to me on the e-mail I was using as a workaround from the university.

I think, however, sysadmins are learning that if their customers are going to send emails, they can't run open relays, so it seems to be improving.


>he should buy a mac. Seriously.

Using any client except Outlook/Outlook Express will help a lot as well.

Tom