A few years back it made sense. If your email gateway scanned incoming messages and determined one to have a virus it seemed like it was the courteous thing to do to just quickly send a reply to the Sender and let them know that the message was infected and what it was infected with. Why not?

But, such auto-responding to infected emails at this point should be illegal. Companies and entities that still auto-repond to virus infected messages should be fined for the bandwidth they are wasting and for contributing to the problem rather than helping it.

All network and security administrators should know by now that MOST new viruses contain the ability to spoof the From or Sender of the email message and that there is virtually NO chance of the auto-response getting to the actual virus originator.

This latest Sobig virus has had double or triple the impact it should have because misguided administrators haven't turned off auto-responders. Until or unless they can find another way to respond- looking at the packet headers for some other information besides the Sender or From information which is so easily forged.

It is a little exasparating and soemone should mandate that auto-responders are simply not allowed anymore or something.