R
Robert Clark
Below are some messages I sent to Yahoo in regards to the virus
containing emails being delivered to my mail box.
Bob Clark
======================================================================
From Robert Clark Sun Aug 24 17:04:19 2003
Date: Sun, 24 Aug 2003 17:04:19 -0700 (PDT)
From: "Robert Clark" <r*******@yahoo.com>
Subject: Why is Yahoo promoting the proliferation of viruses?
To: (e-mail address removed), (e-mail address removed)
Below is an email I received because a virus spoofed
my email address, falsely sending an email under my
email name.
As you can see Aol.com correctly detected the email
contained a virus and refused to deliver it to the
addressee.
Why is Yahoo still not detecting viruses beforehand
and deleting them as Aol is, MSN is, university
accounts are doing, and other sensible email providers
are doing?
I attached some other emails that were sent to me
that contained the Sobig virus. Why is Yahoo allowing
users to download these viruses inadvertently instead
of automatically deleting them? These virus containing
faked emails caused my account to go significantly
over the limit. For all I know this may have caused
real emails to be bounced.
Why is Yahoo stubbornly refusing to take the prudent
step of stopping the delivery of virus containing
emails beforehand like other sensible email providers
have already done?
Bob Clark
===========================================================================
From Robert Clark Tue Aug 26 07:32:36 2003
Date: Tue, 26 Aug 2003 07:32:36 -0700 (PDT)
From: "Robert Clark" <r*******@yahoo.com>
Subject: Re: your account keokoaoo (KMM250065V6504L0KM)
To: "Yahoo!Mail" <[email protected]>
I'm still getting the Sobig virus and the fake
Microsoft Update virus sent to my email box. This
continues to cause my email storage to go
significantly over my limits. I can only assume this
is causing real emails to get bounced.
If Yahoo chooses to continue its policy of delivering
virus containing emails to its subscribers then I will
be forced to switch to another email subscriber such
as Hotmail or MSN that automatically scans email and
does not deliver emails with viruses in their
attachments.
Bob Clark
================================================================================
Date: Tue, 26 Aug 2003 07:01:10 -0700 (PDT)
From: "Robert Clark" <b***@yahoo.com>
Subject: Re: Is Yahoo doing all it can to prevent the spread of
viruses? (KMM789194V2883L0KM)
To: "Yahoo!Mail" <[email protected]>
Experienced users will certainly scan their email
attachments. But obviously there are alot of new or
inexperienced users who will not. This can especially
happen if the email appears to be from a trusted
source, as happens now frequently with email viruses.
And by trusted source I don't just mean from friends.
This happened to me recently when I got an email
apparently from "(e-mail address removed)". I assumed this had
to actually be from Yahoo because of the server suffix
and the "admin" userid and Yahoo itself would not
email a subscriber an email containing a virus. I was
not aware then that email addresses could be
"spoofed", and I consider myself to be a reasonably
experienced user. I was surprised then when I scanned
the email and found it contained a virus.
You apparently believe simply warning your customers
about scanning emails is sufficient. I disagree with
that and other email providers disagree as well, such
as AOL, Hotmail, MSN and university email systems.
But it would be easy to see how well this "warning"
approach works. Just do a random test of your
subscribers to see what percentage of them didn't scan
an attachment first before opening it AT LEAST ONCE.
Remember just making this mistake once could cause
your system to be infected.
An even better test would be to take a random sample
of subscribers whose email attachments you've scanned
and found to have contained viruses in the
attachments. See which percentage of these opened
these attachments without scanning them or even
inadvertently opened them even after they scanned
them.
Conducting some type of test such as this to me seems
to be required if you are going to continue the
approach of delivering virus infected emails to your
subscribers.
Bob Clark
========================================================================
Date: Sun, 24 Aug 2003 17:54:56 -0700 (PDT)
From: "Robert Clark" <b****@yahoo.com>
Subject: Is Yahoo doing all it can to prevent the spread of viruses?
To: (e-mail address removed), (e-mail address removed)
"Today's tip: VIRUS ALERT - W32.Sobig.F@mm is a
mass-mailing, network-aware worm that sends itself to
all the email addresses it finds in certain files on
your PC. If you receive a message with an attachment
with a .pif or .src extension, we strongly suggest you
scan it before downloading. The message may appear to
be from someone you know."
That's nice.
Here's my suggestion for an AOL ad:
"Do you know what's in your email inbox? AOL has
automatic virus detection software that will not
deliver infected emails to your mailbox. Yahoo does
not.
"Maybe Yahoo thinks their customers like having
viruses delivered to their mailbox ..."
Bob Clark
========================================================================
containing emails being delivered to my mail box.
Bob Clark
======================================================================
From Robert Clark Sun Aug 24 17:04:19 2003
Date: Sun, 24 Aug 2003 17:04:19 -0700 (PDT)
From: "Robert Clark" <r*******@yahoo.com>
Subject: Why is Yahoo promoting the proliferation of viruses?
To: (e-mail address removed), (e-mail address removed)
Below is an email I received because a virus spoofed
my email address, falsely sending an email under my
email name.
As you can see Aol.com correctly detected the email
contained a virus and refused to deliver it to the
addressee.
Why is Yahoo still not detecting viruses beforehand
and deleting them as Aol is, MSN is, university
accounts are doing, and other sensible email providers
are doing?
I attached some other emails that were sent to me
that contained the Sobig virus. Why is Yahoo allowing
users to download these viruses inadvertently instead
of automatically deleting them? These virus containing
faked emails caused my account to go significantly
over the limit. For all I know this may have caused
real emails to be bounced.
Why is Yahoo stubbornly refusing to take the prudent
step of stopping the delivery of virus containing
emails beforehand like other sensible email providers
have already done?
Bob Clark
===========================================================================
From Robert Clark Tue Aug 26 07:32:36 2003
Date: Tue, 26 Aug 2003 07:32:36 -0700 (PDT)
From: "Robert Clark" <r*******@yahoo.com>
Subject: Re: your account keokoaoo (KMM250065V6504L0KM)
To: "Yahoo!Mail" <[email protected]>
I'm still getting the Sobig virus and the fake
Microsoft Update virus sent to my email box. This
continues to cause my email storage to go
significantly over my limits. I can only assume this
is causing real emails to get bounced.
If Yahoo chooses to continue its policy of delivering
virus containing emails to its subscribers then I will
be forced to switch to another email subscriber such
as Hotmail or MSN that automatically scans email and
does not deliver emails with viruses in their
attachments.
Bob Clark
================================================================================
Date: Tue, 26 Aug 2003 07:01:10 -0700 (PDT)
From: "Robert Clark" <b***@yahoo.com>
Subject: Re: Is Yahoo doing all it can to prevent the spread of
viruses? (KMM789194V2883L0KM)
To: "Yahoo!Mail" <[email protected]>
Experienced users will certainly scan their email
attachments. But obviously there are alot of new or
inexperienced users who will not. This can especially
happen if the email appears to be from a trusted
source, as happens now frequently with email viruses.
And by trusted source I don't just mean from friends.
This happened to me recently when I got an email
apparently from "(e-mail address removed)". I assumed this had
to actually be from Yahoo because of the server suffix
and the "admin" userid and Yahoo itself would not
email a subscriber an email containing a virus. I was
not aware then that email addresses could be
"spoofed", and I consider myself to be a reasonably
experienced user. I was surprised then when I scanned
the email and found it contained a virus.
You apparently believe simply warning your customers
about scanning emails is sufficient. I disagree with
that and other email providers disagree as well, such
as AOL, Hotmail, MSN and university email systems.
But it would be easy to see how well this "warning"
approach works. Just do a random test of your
subscribers to see what percentage of them didn't scan
an attachment first before opening it AT LEAST ONCE.
Remember just making this mistake once could cause
your system to be infected.
An even better test would be to take a random sample
of subscribers whose email attachments you've scanned
and found to have contained viruses in the
attachments. See which percentage of these opened
these attachments without scanning them or even
inadvertently opened them even after they scanned
them.
Conducting some type of test such as this to me seems
to be required if you are going to continue the
approach of delivering virus infected emails to your
subscribers.
Bob Clark
--- Yahoo!Mail said:
========================================================================
Date: Sun, 24 Aug 2003 17:54:56 -0700 (PDT)
From: "Robert Clark" <b****@yahoo.com>
Subject: Is Yahoo doing all it can to prevent the spread of viruses?
To: (e-mail address removed), (e-mail address removed)
"Today's tip: VIRUS ALERT - W32.Sobig.F@mm is a
mass-mailing, network-aware worm that sends itself to
all the email addresses it finds in certain files on
your PC. If you receive a message with an attachment
with a .pif or .src extension, we strongly suggest you
scan it before downloading. The message may appear to
be from someone you know."
That's nice.
Here's my suggestion for an AOL ad:
"Do you know what's in your email inbox? AOL has
automatic virus detection software that will not
deliver infected emails to your mailbox. Yahoo does
not.
"Maybe Yahoo thinks their customers like having
viruses delivered to their mailbox ..."
Bob Clark
========================================================================