At 01:11 PM 6/4/2003 -0600, Vernon Schryver wrote:
> From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
> ...
> The main problem with VRFY is that it allows the spammer to verify
addresses.
> ...
This is a minor issue, but pleast note that the main problem with VRFY
is that many and perhaps most SMTP servers have it turned off. No
one with the faintest familiarity with how spam, spam filters, and
even general STMP installation testing today uses VRFY. Instead we
all do what the spammers do many 10's of millions and perhaps billions
of times every day. Instead of sending the sequence of SMTP commands
HELO
VRFY
we send
HELO
MAIL From
RCPT To
The result of the second sequence is not perfect (e.g with Yahoo),
but it is far more likely to work than the first.
However, if we are defining an SMTP process for CRI protocols, can we use
the VRFY command as a part of an ESMTP extension?
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg