[Top] [All Lists]

Re: Do the must 'bounce' rules need to be relaxed for virus infected

2004-03-26 12:40:28

Valdis Klētnieks writes:
On Fri, 26 Mar 2004 15:48:09 +0100, Arnt Gulbrandsen <arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> said:

 Explain to me why that relay couldn't do its own SMTP-level rejection?

If you're a secondary MX, life gets interesting.

So it does. It has been getting interesting for a while, though, at least since content filters and callbacks appeared on the scene.

If the virus writer wants that information, he can easily get his own copies of the top ten virus filters.

I think he meant that a virus or spam engine would find the distinction between '250 user OK' and '550 user unknown' to be useful information. For the virus, it means it's found a victim, for the spammer, it's either a new address, a verified address, or a removable dead address....

Oh, I see. Do they really look for that? What would a virus do?

  if valid address
    go on, try another
    try another

I agree that a spammer could potentially use that information. But do they? I still see an unchanging volume of spam to addresses that have been bouncing for four years or more, and that experience matches everything I've heard.

(in other words, the same information leak that closed EXPN and VRFY down).

Only a little more expensive.