At 2:15 PM +0100 2003/08/19, Jon Kyme wrote:
The demand of generating bounces to a spam run (to no doubt forged senders)
had crippled their (Exchange) server. When asked why they weren't just
rejecting unknown recipients they said that Mgmt wanted to see
"wrong email addresses". How we laughed.

Hmm. Well, issuing response codes like that immediately to mail
messages could also be used as a method of determining what are valid
e-mail accounts.

Yes, this is a well-known issue. Equally, it's not beyond the wit of man
(or spammer) to reconcile DSNs with probe messages.
I think that "accept then DSN" is a variation of "security through obscurity"

Out of curiosity, have you tried the reverse? Specifically,
seeing if you get more or less spam sent directly to your valid
accounts when you do not issue 55x responses to attempts to send
e-mail to invalid accounts?

I believe that we're talking about a research initiative which may address
this issue. At the time when we made the change from "accept and DSN" to
"550", we didn't have the luxury of experimenting. Every spam run/probe
against our systems resulted in a DoS. This was intolerable (for us - others
will have different priorities).

Of course, then spammers just try to route their effluent through
the backup MXes, in the hope that they don't check whether or not the
recipient is valid. ;(

Many do, indeed. Not all in my experience.
Of course the solution to this is to figure out how to replicate your valid
user db to your backup MX.
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
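
The trade-off discussed in this message, as an added example that is not part of the original post: a backup MX that checks RCPT TO against a replicated copy of the valid-user list, compared with "accept then DSN" for the same batch of recipients. All names (RecipientTable, rcpt_reply, process_run, MAX_AGE) and the addresses are hypothetical and constructed for illustration; deferring with 451 when the replicated list is stale is an assumption of this sketch, not something the thread prescribes.

```python
from collections import Counter

MAX_AGE = 6 * 3600  # assumed freshness limit (seconds) for the replicated list

class RecipientTable:
    """Valid addresses copied from the primary MX to the backup MX."""
    def __init__(self, addresses, synced_at):
        self.addresses = {a.lower() for a in addresses}
        self.synced_at = synced_at

def rcpt_reply(table, rcpt, now):
    """SMTP reply code and text for RCPT TO:<rcpt> on the backup MX."""
    if table is None or now - table.synced_at > MAX_AGE:
        # No trustworthy list: defer rather than accept mail we may have to bounce.
        return 451, "4.3.0 recipient list unavailable, try again later"
    if rcpt.strip().lower() in table.addresses:
        return 250, "2.1.5 OK"
    return 550, "5.1.1 user unknown"

def process_run(table, recipients, now, reject_at_rcpt):
    """Tally reply codes and locally generated DSNs for a batch of RCPT TOs."""
    stats = Counter()
    for rcpt in recipients:
        if reject_at_rcpt:
            code, _ = rcpt_reply(table, rcpt, now)
        else:
            code = 250  # "accept then DSN": take everything, bounce later
            if rcpt.strip().lower() not in table.addresses:
                stats["dsn_generated"] += 1
        stats[code] += 1
    return stats

# Constructed sample data: two real users, 998 made-up recipients.
NOW = 1_000_000
TABLE = RecipientTable(["alice@example.org", "bob@example.org"], synced_at=NOW - 60)
RUN = ["alice@example.org", "Bob@Example.org"] + [
    f"guess{i}@example.org" for i in range(998)]

if __name__ == "__main__":
    print("accept then DSN:", dict(process_run(TABLE, RUN, NOW, False)))
    print("550 at RCPT:    ", dict(process_run(TABLE, RUN, NOW, True)))
```

With rejection at RCPT time the server generates no bounces of its own; the sending side is left holding the failure.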