It appears that a new variant of Bagle/Beagle is out -- up to version P by McAfee's counting. This new one adds a new bogus From address, e.g. [log in to unmask] The mail team is looking into restoring the known ID blocking. (The mail team is also looking at a more general solution, as suggested I think here by John Valenti: check to see if a From mailbox exists and block delivery when it doesn't.) /rich >Has this blocking been dropped? My department just got hit this morning with a > flood of these from [log in to unmask], [log in to unmask], etc. (I identified the > computer from its IP, and sent email to the user as well as the IP > administrator.) > >At 01:18 PM 3/3/2004, Rich Wiggins wrote: >>The mail team is now blocking mail from sending addresses known >>to be bogus and used by the worm: >> >>[log in to unmask] >>[log in to unmask] >>[log in to unmask] >>[log in to unmask] > > >--Chris >============================================== >Chris Wolf Computer Service Manager >Agricultural Economics [log in to unmask] >Michigan State University 517 353-5017