On 9 Jan 2003, at 13:06, Bill Verity wrote:

>With all the spoofed mail these days from viruses like klez, I'm thinking
>of adding this header to all of our lists.

And? You get a bogus posting (that hopefully gets rejected for other reasons) from [log in to unmask] that really came from verizon.com. Will you be asking the subscriber if they have any friends at verizon and what their ID's are, so you can email them?

Kidding aside, I'm not fond of Klez either and, before AOL (I'm speculating) did whatever they did to cut back on the torrent, I used to respond:

/* Begin Klez.faq */

The following message containing a copy of the Klez virus was sent to the Listserv at St. John's University. I'm not an expert on how AOL processes mail but, as far as I can tell, it appears from the below "X-Apparently-From:" field that the mail may have really come from you.

I have no recommendations for how people should identify or remove viruses on their PC's, but in case you need a pointer to some place to start:

A reference on Klez and its variants:
http://securityresponse.symantec.com/avcenter/

...and a program to locate and hopefully remove infected files:
http://securityresponse.symantec.com/avcenter/FixKlez.com

Using "Klez" as a search term to any decent engine should provide plenty of references to what it is and what it does, particularly its internal forging of "From:" fields, and the fact that your PC could be mailing out random files from your hard drive in addition to transmitting copies of itself.

If this FAQ was of use to you or you have suggestions on how to improve it, please email me at [log in to unmask]

-Kary (Maelstrom Postmaster)

/* End Klez.faq */

I do see positive responses to the above, but I wouldn't bet they amount to more than 5% of what I send out, or equal the negative responses. And AOL is the only major ISP I'm aware of who provides a clue as to who the real sender was.

-Kary