John and others,
Yes, you're right, we are blocking e-mails that contain the
signatures of the Sobig worm.
I'm checking into the question of whether and when mail.msu.edu
and pilot.msu.edu send bounce messages. You are right, bounce
messages are not helpful when the sender is spoofed.
[log in to unmask]">http:[log in to unmask]
And yes, this sort of thing should be documented in help.msu.edu/status.
I've added an Alert there with the information I've got, and
will update it when I learn more from the mail team.
>A few questions:
>(1) shouldn't this info be listed at http://help.msu.edu/status/ (?)
>and/or publicized to MSUNAG list?
>(2) I haven't researched this virus, but doesn't it forge the sender
>info? So why are we returning it to the "sender"?
> (I ask this because our faculty are getting inundated with these
>incorrect "You have a virus" messages)