RE: [Asrg] C/R Interworking Framework

ietf-asrg

RE: [Asrg] C/R Interworking Framework

2003-06-04 14:15:32

RFC 2505, section 2.11:

"Both SMTP VRFY and EXPN provide means for a potential spammer to test
whether the addresses on his list are valid (VRFY) and even get more
addresses (EXPN). Therefore, the MTA SHOULD control who is is allowed to
issue these commands. This may be "on/off" or it may use access lists
similar to those mentioned previously."

The main problem with VRFY is that it allows the spammer to
verify addresses.


I rarely see SMTP VRFY attacks..it's just as easy to do RCPT TO than SMTP
VRFY...in fact, spammers don't care if the address is valid anyway since
they often uses bogus sender addresses.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Asrg] C/R Interworking Framework, John Fenley Re: [Asrg] C/R Interworking Framework, Yakov Shafranovich Re: [Asrg] C/R Interworking Framework, Vernon Schryver RE: [Asrg] C/R Interworking Framework, Eric Dean <= RE: [Asrg] C/R Interworking Framework, Peter Kay Re: [Asrg] C/R Interworking Framework, Dave Aronson Re: [Asrg] C/R Interworking Framework, Yakov Shafranovich Re: [Asrg] C/R Interworking Framework, Kee Hinckley Re: [Asrg] C/R Interworking Framework, Yakov Shafranovich Re: [Asrg] C/R Interworking Framework, Vernon Schryver RE: [Asrg] C/R Interworking Framework, Peter Kay Re: [Asrg] C/R Interworking Framework, Yakov Shafranovich Re: [Asrg] C/R Interworking Framework, Vernon Schryver Re: [Asrg] C/R Interworking Framework, Yakov Shafranovich

Previous by Date:	RE: [Asrg] Spam as a symptom of sender/recipient imbalance., Peter Kay
Next by Date:	RE: [Asrg] CRI Header, Vernon Schryver
Previous by Thread:	Re: [Asrg] C/R Interworking Framework, Vernon Schryver
Next by Thread:	RE: [Asrg] C/R Interworking Framework, Peter Kay
Indexes:	[Date] [Thread] [Top] [All Lists]