This discussion leads me, in a roundabout way, to a topic about which I
am confused. Should mail to invalid recipients be rejected or merely
discarded?
I'm interested in hearing others opinions, but in my opinion, you
should reject invalid recipients as early in the process as you can.
In particular, if you can reject the email before the message has been
accepted by the receiving MTA, you force the sending MTA to do the
bounce. This means that the receiving MTA is not responsible for
bounces that get sent to another of the spammers victims and decreases
the chance that you will be (falsely) labelled as a spammer.
I agree, it's what we try to do here. The exposure to a "dictionary attack"
may be over-emphasised. Such an attack has a pretty clear signature
( high invalid/valid ratio over a short time originating at
a single IP or small range). It's possible to (dynamically) modify
policy with respect to a source which has given that signature.
Of course, this signature is strong for us - as our ~100k accounts cover
only
a small part of dictionary (or randomised localpart) space.
It's likely not as strong for Yahoo or Hotmail.
On a related point: We've had a number of complaints from foreign system
admins
about such attacks using a (forged) sender in one of our domains. They tend
to
send us yards of their MTA logs as "evidence". It seems that there are many
"postmasters" out there who don't know how to read their own logs
("it's the IP stoopid!"). Sender forgery tends to come as a terrible
surprise
to them.
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg