On 9 Jan 2003, at 13:06, Bill Verity wrote:

>With all the spoofed mail these days from viruses like klez, I'm thinking
>of adding this header to all of our lists.

And?  You get a bogus posting (that hopefully gets rejected for other
reasons) from [log in to unmask] that really came from verizon.com.
Will you be asking the subscriber if they have any friends at verizon
and what their ID's are, so you can email them?  Kidding aside, I'm not
fond of Klez either and, before AOL (I'm speculating) did whatever they
did to cut back on the torrent, I used to respond:

/*  Begin Klez.faq  */

The following message containing a copy of the Klez virus was sent
to the Listserv at St. John's University.  I'm not an expert on how
AOL processes mail but, as far as I can tell, it appears from the
below "X-Apparently-From:" field that the mail may have really come
from you.

I have no recommendations for how people should identify or remove
viruses on their PC's, but in case you need a pointer to some place
to start:

A reference on Klez and its variants:

  http://securityresponse.symantec.com/avcenter/

...and a program to locate and hopefully remove infected files:

  http://securityresponse.symantec.com/avcenter/FixKlez.com

Using "Klez" as a search term to any decent engine should provide
plenty of references to what it is and what it does, particularly
its internal forging of "From:" fields, and the fact that your PC
could be mailing out random files from your hard drive in addition
to transmitting copies of itself.

If this FAQ was of use to you or you have suggestions on how to
improve it, please email me at [log in to unmask]

                                 -Kary (Maelstrom Postmaster)

/*  End Klez.faq  */

I do see positive responses to the above, but I wouldn't bet they amount
to more than 5% of what I send out, or equal the negative responses.  And
AOL is the only major ISP I'm aware of who provides a clue as to who the
real sender was.
                                               -Kary