Need someone to lead product or development at your software company? I lead product and engineering teams and I'm looking for my next opportunity. Check out my resume and get in touch.

Symantec Spoofing

Freshness Warning
This article is over 16 years old. It's possible that the information you read below isn't current.

Symantec obviously knows that the SoBig email worm uses spoofing to make it look like the virus was sent from someone other than the actual sender. So why does their server-based antivirus tool insist on replying to the sender that their system is sending SoBig emails?

I’m getting several messages a day from mail servers protected by Symantec and others notifying me that I’ve been sending SoBig attachments. I’m not the one that’s infected. It’s a minor irritation to me because I understand what’s going on. But what about people who don’t know? They’re getting alerts from anti-virus companies, but they probably don’t know that it’s a false alarm. I can imagine the average email user being panicked that their system is infected.

September 4, 2003 10:25 AM

Sad isn't it. - Most of the time this is admins setting up the software to reply (intending it for internal consumption) or the software not being bright enough to have a sence of direction. And thanks to SoBig Etc admin@my-domains goes to /dev/null and I no longer use M$ mail products.

Lummox JR
September 4, 2003 1:07 PM

Augh. I heartily agree that it's stupid of Symantec to do this. In fact, knowing that worms even *could* forge their sending address, it's beyond stupid that a notification feature was ever put in in the first place. Internal consumption doesn't cut it; you'll still be sending the same notification a zillion times, and the forged return address would still ensure that the message never got where it was meant to go. I've been doing battle with these bonehead admins, sending off letters (that sometimes make it and sometimes don't) to fix their virus filters. I also send letters to those who apparently aren't even using a filter, or at least are using one that doesn't stop Sobig. It was only recently that I learned Symantec was a major culprit in the notifications, though.

September 5, 2003 9:09 AM

You could blame Symantec, but I think that they shipped their products configured like this long before viruses like Sobig found out how to spoof. Therefore, I think that the first blame is on the mail admins of these systems who did not care to change the default configuration of their scanner.

Lummox JR
September 8, 2003 2:35 PM

True, you could give Symantec a pass for that, if not for the fact that anyone designing an e-mail scanner *should* give a thought to these things. Sending out an e-mail with a spoofed header is rather trivial, and it's not as if spoofed spam didn't exist then. So I count this as extreme failure to think ahead to some obvious and inevitable future worm capabilities. I also, however, blame the admins who didn't turn off the notification. In a bizarre twist, Friday I got a notification spam from Virginia Tech of all places, which actually admitted that I might not be the sender. When I contacted their admin, I was told that they had no choice of turning the notification off (obviously not a Symantec filter then), which was an extremely bogus excuse. I was not kind; a technology-oriented university should know better.

September 11, 2003 1:40 PM

On the other, perhaps those panicked recipients rush out and buy symantec antivirus?

Your comments:

Text only, no HTML. URLs will automatically be converted to links. Your email address is required, but it will not be displayed on the site.


Not your company or your SEO link. Comments without a real name will be deleted as spam.

Email: (not displayed)

If you don't feel comfortable giving me your real email address, don't expect me to feel comfortable publishing your comment.

Website (optional):

Recently Written

A framework for onboarding new employees (May 15)
There’s no single good way to onboard an employee that works for every role. Here's a framework for creating a process that you can adapt to each situation.
TV hosts as a guide for software managers (May 10)
Software managers can learn a lot from journalists or late night TV hosts and how they interview people.
The Improvement Flywheel (Apr 29)
An incredible flywheel for the improvement of a development team. Fix a few things, and everything starts getting better.
Managers and technical ability (Dec 26)
In technical fields, the closer you are to the actual work being done, the closer your skills need to resemble those of the people doing the work.
Dysfunctions of output-oriented software teams (Sep 17)
Whatever you call it, the symptom is that you're measuring your progress by how much you build and deliver instead of measuring success by the amount of customer value you create.
Evaluative and generative product development (Aug 30)
Customers never even talk to the companies that don't fit their needs at all. If the only product ideas you're considering are those that meet the needs of your current customers, then you're only going to find new customers that look exactly like your current customers.
Product Manager Career Ladder (Aug 19)
What are the steps along the product management career path?
Building the Customer-Informed Product (Aug 15)
Strong products aren't composed of a list of features dictated by customers. They are guided by strong visions, and the execution of that vision is the primary focus of product development.


What I'm Reading


Adam Kalsey

+1 916 600 2497


Public Key

© 1999-2020 Adam Kalsey.