In <200303121725(_dot_)h2CHPkC5001367(_at_)qadgop(_dot_)stewart(_dot_)org>
lstewart(_at_)acm(_dot_)org writes:
This discussion leads me, in a roundabout way, to a topic about which I
am confused. Should mail to invalid recipients be rejected or merely
discarded?
I'm interested in hearing others opinions, but in my opinion, you
should reject invalid recipients as early in the process as you can.
In particular, if you can reject the email before the message has been
accepted by the receiving MTA, you force the sending MTA to do the
bounce. This means that the receiving MTA is not responsible for
bounces that get sent to another of the spammers victims and decreases
the chance that you will be (falsely) labelled as a spammer.
If you silently accept email with invalid recipients, you may well end
up in the same position as Alan DeKok. (see
http://www.striker.ottawa.on.ca/ and his several million spams per
day) Spammers often have more bandwidth than you do, and often care
less about wasting it (since it is often stolen bandwidth.) Trying to
get spammers to waste their bandwidth by consuming yours doesn't sound
like a good idea to me.
Similarly, I'm not sure that disabling the VRFY SMTP command is a good
idea. Yes, the VRFY command can be easily used by spammers to do a
dictionary attack on your server, but if you don't let them do it the
"easy" way, they will likely do it the "hard" way by sending spam to
every possible email address. Again, this increases your bandwidth
and if the spammer doesn't get a rejection, it may well greatly
increase your bandwidth a la stiker.
These kinds of things seem to fall into the "cutting off your nose to
spite your face" category.
-wayne
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg