Re: Virus scanning



> If I reject a message, should it bounce back to the sender, or should
> I blackhole it?

Given that the sender passed a reverse-DNS I'd say it is safe to bounce it back. Chances are the message was sent by a compromised account at an otherwise legit service. (And maybe the rejection lets them know they've got a problem user?)

> If a message in the archives is flagged as having a virus or phishing
> attack, should I put a banner on the page saying so?

On the whole I'd say "yes".

The counter-argument is that if the group's mods accepted the message then they might not appreciate having the (presumed false-positive) marking on the message. But I think that the members deserve to know that there was at least some doubt about this content.

> (and should I go back through the archives doing scans)?

Optional, but probably a good idea. The question is what you'd do besides mark them. I think adding entries for them to the Activity log may be sufficient (for mods to go find them if they want).

> I haven't done anything with SPF and DKIM data yet.

One step at a time. Though I might have expected these before content scanning. But I may have a skewed view of their relative difficulty and effectiveness (e.g., these don't apply to uploads).


