Hector Santos wrote:
From: "Matthew Elvey" <matthew(_at_)elvey(_dot_)com>
Yakov wrote:
There is a reason to their madness - it discourages spammers from
harvesting email addresses.
It's a poor excuse. There are ISPs that detect harvesting attacks and
when they do, deal with it - some then refuse even email to valid
addresses. They can refuse the email without stating or otherwise
giving away the information that the reason for refusal is email to a
nonexistent account.
Matthew,
I agree. sites such as Yahoo who allow all RCPT TO: are in my view, for all
intent open relay sites. It encourages and promotes the usages of obsfucated
email addresses across the board to all systems. In other words, it makes
the matter worst and adds overhead across the board to all systems.
But they are not an open relay! According to the requirements document
(hhttp://asrg.kavi.com/apps/group_public/download.php/7/draft-irtf-asrg-requirements-00.txt):
"1.3.26 Open Relay MTA
An MTA which is configured to relay mail for local domains and
foreign domains not associated with the MTA, without restricting
access to the relay functions. In essence an Open Relay MTA
typically relays messages for known and unknown domains because
of improper configuration."
In your definition of an open relay is a server that is allowed to say
"250" to every RCPT TO command for a *local* domain! There is *nothing*
in ANY RFC that states that an SMTP server is not allowed to do that.
Therefore, your definition is inconsistent with the existing standards
since you are expecting SMTP servers to do something that is not in the
specs.
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"I ate your Web page. / Forgive me. It was juicy / And tart on my
tongue." (MIT's 404 Message)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg