ietf-smtp

Re: RSET command - possible security loophole

2011-05-31 01:17:09
+1

d/
--
Dave Crocker
bbiw.net

ned+ietf-smtp(_at_)mrochek(_dot_)com wrote:



I have observed a "security loophole" whereby spammers are
increasingly using RSET to avoid new local policy-based anti-spam
technologies such as DNSRBL, SPF, Greylisting, etc., at the SMTP level
and this is because the transaction "state" tables during the same
session were cleared.

I've never seen that, but if it happens, it's a bug in the mail
server, not a bug in the spec.

No change to 5321 bis, please.

+1

                                Ned
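
The server-side distinction the thread turns on, as an added example that is not part of the original messages or of any real mail server: RSET discards only the envelope of the current transaction, while a verdict tied to the connection (here a blocklist hit on the peer address) is kept for the whole session. The `Session` class, `replay` helper, reply texts and `BLOCKLIST` contents are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

BLOCKLIST = frozenset({"192.0.2.66"})  # constructed stand-in for a DNSBL query


@dataclass
class Session:
    peer_ip: str
    # Session scope: decided once per connection, never touched by RSET.
    ip_blocked: bool = field(init=False)
    helo: Optional[str] = None
    # Transaction scope: the envelope, the only state RSET discards.
    mail_from: Optional[str] = None
    rcpts: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.ip_blocked = self.peer_ip in BLOCKLIST

    def reset_transaction(self) -> None:
        self.mail_from, self.rcpts = None, []

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg
            self.reset_transaction()
            return "250 hello"
        if verb == "RSET":
            self.reset_transaction()  # policy verdict deliberately untouched
            return "250 OK"
        if verb == "MAIL":
            if self.ip_blocked:  # re-checked on every transaction
                return "550 5.7.1 rejected by local policy"
            self.mail_from = arg
            return "250 OK"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 5.5.1 MAIL required first"
            self.rcpts.append(arg)
            return "250 OK"
        return "502 5.5.1 command not implemented"


def replay(peer_ip: str, lines: List[str]) -> List[str]:
    """Feed constructed client lines to a fresh session; return the replies."""
    session = Session(peer_ip)
    return [session.handle(line) for line in lines]
```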