ietf-asrg
[Top] [All Lists]

Re: [Asrg] "worm spam" and SPF

2004-11-27 23:42:47
After consideration and reconsideration I've come to the conclusion
that delayed rejection to hide the user list is much like security
through obfuscation -- it is too easily defeated.

I agree - and furthermore, if you defer rejection until after the data,
it is approximately as hard to abuse as accept-and-bounce.  (It does
require a little care with 4xxing RCPTs to preserve protocol
conformance while making it nontrivial to game, but that can be done.)
Yes, rejecting after data burns bandwidth to carry the body - but
accept-and-bounce is even worse.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               
mouse(_at_)rodents(_dot_)montreal(_dot_)qc(_dot_)ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg