Community action on viruses

A number of my colleagues at Sun have been blogging about the number of MyDoom-generated emails in their inboxes today. Compared with most companies, Sun is barely touched by these infestations, but in a company which generates tens of thousands of emails a day, even “barely touched” means a lot of effluent. The incidence should be even lower, because (with a few exceptions) running Microsoft Outlook within Sun is a violation of IT policies, and the penalties can be severe. (In fact, even running Windows is prohibited unless the system has been “neutered” in various ways.) But people still do it.
My approach, which I recommend, is social pressure. In my email client, I’ve set up a rule that says “if this message originated from within Sun, and if it was created using Outlook or Outlook Express, flag it in red”. Then whenever I see a red message in my inbox, I drop a brief note to the sender asking if they realize that they’re violating IT policy.
If enough of us do this….
[Updated: In response to Dan’s comment: I have never had a false positive. My filter checks for “” in both the “From:” and the “Message-id:”, and for “Microsoft Outlook” (and variants) in “X-Mailer:”; it also checks that the message was NOT processed by any of Sun’s external gateways.]
[Updated: Here’s a representative rule. You will have to add “X-Mailer”, “Received” and “Message-id” to the list of headers that understands. I actually use a number of rules to let me identify particular versions of Outlook, but I don’t expect others to be so obsessive-compulsive about it….
Snapshot of rule
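The same four checks in code, as an added example that is not the author's own rule or a snapshot of any mail client (the post elides its domain and client name, so `INTERNAL_DOMAIN`, `EXTERNAL_GATEWAYS` and the sample messages below are constructed placeholders). It flags a message only when the From: and Message-ID: domains are both internal, X-Mailer: names a Microsoft Outlook variant, and no Received: hop mentions an external gateway; the last check is what keeps a worm-forged internal From: address arriving from outside from triggering a note to an innocent colleague.

```python
import email
from email.utils import parseaddr

# Constructed placeholders: the post's own domain and gateway hostnames are elided.
INTERNAL_DOMAIN = "example.com"
EXTERNAL_GATEWAYS = ("mx-ext.example.com",)


def domain_of(header_value):
    """Domain part of an address header such as 'Jane <jane@host>' or a Message-ID, lower-cased."""
    _, address = parseaddr(header_value)
    return address.rpartition("@")[2].lower()


def is_internal_domain(domain):
    """True for the internal domain itself or any host beneath it."""
    return domain == INTERNAL_DOMAIN or domain.endswith("." + INTERNAL_DOMAIN)


def flag_internal_outlook(raw_message):
    """Return True when the message should be flagged red:
    internal From: and Message-ID:, composed with Microsoft Outlook (any variant),
    and not relayed through one of the external gateways."""
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(msg.get("From", ""))
    msgid_domain = domain_of(msg.get("Message-ID", ""))
    xmailer = msg.get("X-Mailer", "").lower()
    received_hops = msg.get_all("Received") or []
    via_external = any(
        gateway in hop.lower() for hop in received_hops for gateway in EXTERNAL_GATEWAYS
    )
    return (
        is_internal_domain(from_domain)
        and is_internal_domain(msgid_domain)
        and "microsoft outlook" in xmailer
        and not via_external
    )


# Constructed sample messages (not real mail).
INTERNAL_OUTLOOK = """\
Received: from pc42.example.com (pc42.example.com [10.1.2.3]) by mail.example.com
From: Jane Doe <jane@example.com>
To: me@example.com
Message-ID: <00a101c3e7c9@pc42.example.com>
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Subject: status

hi
"""

INTERNAL_OTHER_CLIENT = """\
Received: from ws7.example.com (ws7.example.com [10.1.2.9]) by mail.example.com
From: Bob <bob@example.com>
To: me@example.com
Message-ID: <20040127.1234@ws7.example.com>
X-Mailer: Some Other Client 1.0
Subject: status

hi
"""

# Forged internal From: arriving from outside, as a mass-mailing worm would send it.
FORGED_FROM_OUTSIDE = """\
Received: from mx-ext.example.com (mx-ext.example.com [192.0.2.10]) by mail.example.com
Received: from unknown (HELO example.com) [198.51.100.7] by mx-ext.example.com
From: jane@example.com
To: me@example.com
Message-ID: <000001c3e7d0@example.com>
X-Mailer: Microsoft Outlook, Build 10.0.2627
Subject: hello

see attached
"""

if __name__ == "__main__":
    for name, sample in [("internal outlook", INTERNAL_OUTLOOK),
                         ("internal other client", INTERNAL_OTHER_CLIENT),
                         ("forged from outside", FORGED_FROM_OUTSIDE)]:
        print(f"{name}: {'RED' if flag_internal_outlook(sample) else 'ok'}")
```

Matching on the substring "microsoft outlook" covers both "Microsoft Outlook Express" and "Microsoft Outlook, Build ..." X-Mailer: values; a client whose policy rule cannot inspect Received: can still use the first three checks, at the cost of occasionally flagging a forged message from outside.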