In a semi-related thread on another list [thankfully, not replicated to a newsgroup so far as I know] someone mentioned a two-part "co-conspirator" to the problem: verisign.

It seems that Verisign, the holders and maintainers of a large part of the domain name registry, made an arbitrary (it seems) decision to break a fundamental part of the DNS as a whole: instead of returning a "failure" status for bogus domains, they now return a LEGITIMATE IP address for anything "not resolved".  For web traffic, this will direct you to their sign up page so you can register said domain [that you most likely mistyped anyway]; for all other traffic, such as SMTP edit checks against the SOURCE of the message, it will likely go to a black hole...

Now, for those that haven't made the connection as to why this is a "bad thing", consider my last comment there: SMTP edit checks.  Yes, one part of the "war on spam/UCE"  **WAS** to verify that the domain of the sender is in some way "legitimate".  This is because many spammers & worms simply "make up" a domain to make the message appear "legitimate" to the end user [security.microsoft.org, for example...]  When the top-level DNS resolve returns "no such address", many SMTP programs simply drop the message right there [and I'm told this cuts 50% of the spam in it's tracks]  Now that ANYTHING in ".com" resolves to an IP, well...

> -----Original Message-----
> From: Roy Brown [mailto:[log in to unmask]]
> 
> In message <[log in to unmask]>, John
> Lee <[log in to unmask]> writes
> >Good (or bad) Morning:
> >
> >It's Monday and I'm still getting these.  My ISP theorizes [...] 
> >Does anyone have ideas about:
> >1.  Filtering software to block emails that carry .exe files?
> 
> Lots of email software can, lots of spam filters can, lots of 
> specialist programs can.

This can get to be a sore/sticky point, but I'd venture to guess that while an ISP would **LOVE** to install a unilateral "block this type of message" rule, there will be some "legitimate" traffic in which having "blocked" said message would result in lots of (justified) finger pointing and name calling.  Therefore it falls upon the end users to install this type of software (and then monitor what it is doing)

One possibility [especially for those still on "dial-up"] would be to use either "pop-filters" (I'll explain) or "remote/offline" mail mode [of outlook].  On my system at home, using kmail [which is a Linux-based e-mail client] it has what it calls "pop-filters", which simply means a filter that looks at "just the headers" and makes a decision to download, delete, or hold messages.  The general rule-of-thumb is to only apply these "pop-filters" on messages over a certain size [like 50kb, though these "security" messages tend to be 140k, this "limit" can be easily bumped a bit]  Outlook's "offline" mail mode is similar in that it will download "just the headers" first, which will allow you to (manually) decide to download/delete/wait-for-later on messages.  While this step is manual, it at least saves you from multiple 140kb downloads that you are going to throw out anyway.

> More to the point, what's this very limited email software 
> you are using that can't even show you headers?

Most likely outlook -- unless you know where to look, it isn't obvious as to how to view the actual headers, and in some cases, you won't get the "full" headers anyway.  I'd also guess anyone using "web-based" e-mail doesn't have access to the "real" headers either...

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *