One Question Certification Tests for E-Mail Filter Authors

by chromatic

Sobig is back.

When I left my job as a system administrator back in 2000, I was glad never to deal with Windows boxes again, especially as two Windows viruses had recently decimated the internal network. (Yep, one in ten users had lost data.)

Several years later, only one computer I own has ever even had Windows on it, and that's because I bought it from a failing dot-com. (The hard drive was wiped before I bought it.) I guarantee I'm not spreading Sobig because I know Outlook and Outlook Express won't even install on any machine I own.

I can accept that there are Bad People on the Internet taking advantage of Unsecure Computers run by People Who Don't Know Better. That's why I have a firewall. I share a mail server with friends, and I read and send mail over a secure connection.

I also have mail filters, for obvious reasons. After I cleaned out over a hundred Sobig viruses this morning, I added a couple of rules to my filter and it's humming away (seven in the last ten minutes).

With that digression out of the way, I'd like to propose a simple certification examination for people who'd like to write new mail filtering and response systems. It's very simple, just one question. If you answer the question correctly, you're free to write your software. If you answer the question incorrectly, you cannot ever write mail filtering software. I'm sorry, but that's just the way it is.

The question is, can a From address be forged?

There might be room for an advanced certification test that asks one more question, namely, if you detect a virus that forges From addresses, should you respond to the From address, knowing that it's likely forged?

If the answers are obvious, you're probably overqualified to work on e-mail scanning software.