Re: RSET command - possible security loophole2011-05-31 01:17:09
+1 d/ -- Dave Crocker bbiw.net ned+ietf-smtp(_at_)mrochek(_dot_)com wrote:
I have observed a "security loophole" where by spammers are increasingly using RSET to avoid new local policy-based anti-spam technologies such as DNSRBL, SPF, Greylisting, etc, at the SMTP level and this is because the transaction "state" tables during the same session were cleared.
I've never seen that, but if it happens, it's a bug in the mail server, not a bug in the spec.
No change to 5321 bis, please.