On Tue, 28 Jun 2005 11:21:02 EDT, Hector Santos said:
If you are going to do selective quoting to nitpick and point out whatever
you want, without reading related comments in the message and/or other
thread fibers, then I will begin to ignore your replies.
It is generally considered good e-mail etiquette to trim extraneous material,
so that an ensuing thread doesn't keep re-quoting it. Having said that, I'm
hereby re-quoting the material *YOU* excised, which is the point of this thread:
(Please feel free to re-cite material that is *directly* relevant to the
*specific*
point under discussion, namely the concept of skipping a postmaster@ on a
CVB...)
On Mon, 27 Jun 2005 21:10:38 EDT, Hector Santos said:
MAIL FROM:<postmaster(_at_)domain> means "send bounces to
postmaster(_at_)domain", NOT "no bounce needed".
In regards to a CBV, a postmaster(_at_)domain is skipped.
a) This is codified in a standard, where, exactly?
A perfectly valid question regarding a CBV - is there any standard that says
a postmaster is skipped? If not, you're arguing from "one/several
implementations
happen to do it that way", and will need to justify why this behavior is done.
b) This provides spammers a easy way out by sending with MAIL
FROM:<postmaster...'
Particularly in light of the fact that the scheme has a big "SPAMMERS, DO THIS
TO EVADE" hanging all over it...
c) Wander over to www.rfc-ignorant.org and see all the sites that *don't*
properly support 'postmaster', so the assumption that "We won't check it
because
we "know" it's operational" is severely b0rked.
Combined with the fact that enough sites in fact manage to *not* support
"postmaster"
in violation of the RFCs that automatically white-listing it is a bad idea.
So we have a non-standard practice, combined with an obvious exploit, and of
dubious actual usefulness in a real world that has difficulty following the
*current*
standards. If you have a concrete technical explanation of why it's *still*
a good idea in face of all that, let us know....
pgpvVzSGpMYih.pgp
Description: PGP signature