Valdis Klētnieks writes:
On Fri, 26 Mar 2004 15:48:09 +0100, Arnt Gulbrandsen
<arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> said:
Explain to me why that relay couldn't do its own SMTP-level rejection?
If you're a secondary MX, life gets interesting.
So it does. It has been getting interesting for a while, though, at
least since content filters and callbacks appeared on the scene.
If the virus writer wants that information, he can easily get his
own copies of the top ten virus filters.
I think he meant that a virus or spam engine would find the
distinction between '250 user OK' and '550 user unknown' to be useful
information. For the virus, it means it's found a victim, for the
spammer, it's either a new address, a verified address, or a
removable dead address....
Oh, I see. Do they really look for that? What would a virus do?
if valid address
go on, try another
else
try another
I agree that a spammer could potentially use that information. But do
they? I still see an unchanging volume of spam to addresses that have
been bouncing for four years or more, and that experience matches
everything I've heard.
(in other words, the same information leak that closed EXPN and VRFY down).
Only a little more expensive.
Arnt