Re: RSET command - possible security loophole2011-05-30 18:23:38I have observed a "security loophole" where by spammers are increasingly using RSET to avoid new local policy-based anti-spam technologies such as DNSRBL, SPF, Greylisting, etc, at the SMTP level and this is because the transaction "state" tables during the same session were cleared. I've never seen that, but if it happens, it's a bug in the mail server, not a bug in the spec. No change to 5321 bis, please. R's, John
|
|