[Top] [All Lists]

Re: Bounce/System Notification Address Verification

2005-06-28 09:57:05
On Tue, 28 Jun 2005 11:21:02 EDT, Hector Santos said:
If you are going to do selective quoting to nitpick and point out whatever
you want, without reading related comments in the message and/or other
thread fibers, then I will begin to ignore your replies.

It is generally considered good e-mail etiquette to trim extraneous material,
so that an ensuing thread doesn't keep re-quoting it.  Having said that, I'm
hereby re-quoting the material *YOU* excised, which is the point of this thread:

(Please feel free to re-cite material that is *directly* relevant to the 
point under discussion, namely the concept of skipping a postmaster@ on a 

On Mon, 27 Jun 2005 21:10:38 EDT, Hector Santos said:

MAIL FROM:<postmaster(_at_)domain> means "send bounces to
postmaster(_at_)domain", NOT "no bounce needed".

In regards to a CBV,  a postmaster(_at_)domain is skipped.

a) This is codified in a standard, where, exactly?

A perfectly valid question regarding a CBV - is there any standard that says
a postmaster is skipped?  If not, you're arguing from "one/several 
happen to do it that way", and will need to justify why this behavior is done.

b) This provides spammers a easy way out by sending with MAIL

Particularly in light of the fact that the scheme has a big "SPAMMERS, DO THIS
TO EVADE" hanging all over it...

c) Wander over to and see all the sites that *don't*
properly support 'postmaster', so the assumption that "We won't check it 
we "know" it's operational" is severely b0rked.

Combined with the fact that enough sites in fact manage to *not* support 
in violation of the RFCs that automatically white-listing it is a bad idea.

So we have a non-standard practice, combined with an obvious exploit, and of
dubious actual usefulness in a real world that has difficulty following the 
standards.  If you have a concrete technical explanation of why it's *still*
a good idea in face of all that, let us know....

Attachment: pgpvVzSGpMYih.pgp
Description: PGP signature

<Prev in Thread] Current Thread [Next in Thread>