spf-discuss

Re: Unified SPF Algorithm (was: moving on from MARID)

2004-10-01 01:31:03
On Fri, Oct 01, 2004 at 09:29:27AM +0100, Danny Angus wrote:
I believe what you are saying is that the RCPT TO: should be evaluated
before any other checks. I don't have any specific statistics to support
this, but I have noticed in previous work that there was a very significant
level of email addressed to non-existent or expired customers. The RCPT TO:
should be evaluated first,

Rejecting based upon RCPT TO alone is a significant logical hole: it allows
automated address harvesters to poll an MTA with random addresses so that
they can build up a list of valid ones.

Far better to validate upon receipt of all three, and reject with no notice
of what check failed.

But then the legitimate sender has no clue as to what part of his setup
is faulty and caused the reject, which should be avoided imho.

Koen

-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
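
A small model of the two policies discussed in this message, added here as an illustration and not taken from the thread or from any MTA: the mailbox list, the SPF stand-in and the reply texts are all constructed. It checks whether a client can tell an existing mailbox from a non-existent one by the reply alone.

```python
# Added illustration: constructed data, not the behaviour of any particular MTA.
VALID_RCPTS = {"alice@example.org"}            # constructed local mailbox list
SPF_PASS = {("192.0.2.10", "good.example")}    # constructed (client IP, MAIL FROM domain) pairs

def failed_checks(client_ip, helo, mail_from, rcpt_to):
    """Run the HELO, MAIL FROM and RCPT TO checks; return the names that fail."""
    failed = []
    if "." not in helo:                                   # toy HELO sanity check
        failed.append("helo")
    if (client_ip, mail_from.rpartition("@")[2]) not in SPF_PASS:
        failed.append("mail_from")                        # stand-in for an SPF lookup
    if rcpt_to.lower() not in VALID_RCPTS:
        failed.append("rcpt_to")
    return failed

def reply_rcpt_first(*envelope):
    """Policy 1: evaluate RCPT TO before anything else and say which check failed."""
    failed = failed_checks(*envelope)
    if "rcpt_to" in failed:
        return "550 5.1.1 user unknown"
    if failed:
        return "550 5.7.1 %s check failed" % failed[0]
    return "250 2.1.5 OK"

def reply_uniform(*envelope):
    """Policy 2: evaluate all three, then send one reject text whatever failed."""
    return "550 5.7.1 rejected" if failed_checks(*envelope) else "250 2.1.5 OK"

def leaks_recipient_status(policy, client_ip, helo, mail_from):
    """True if the reply differs between an existing and a non-existent mailbox."""
    existing = policy(client_ip, helo, mail_from, "alice@example.org")
    missing = policy(client_ip, helo, mail_from, "nobody@example.org")
    return existing != missing

UNAUTHORISED = ("198.51.100.7", "mail.bad.example", "x@bad.example")   # fails the SPF stand-in
AUTHORISED = ("192.0.2.10", "mail.good.example", "bob@good.example")   # passes every sender check

if __name__ == "__main__":
    for name, policy in (("rcpt-first", reply_rcpt_first), ("uniform", reply_uniform)):
        for label, sender in (("unauthorised", UNAUTHORISED), ("authorised", AUTHORISED)):
            print(name, label, "leaks:", leaks_recipient_status(policy, *sender))
    # What an authorised sender with a mistyped recipient sees under each policy:
    print(reply_rcpt_first(*AUTHORISED, "alcie@example.org"))
    print(reply_uniform(*AUTHORISED, "alcie@example.org"))
```

In this model the uniform reply hides mailbox existence only from a client that already fails another check, and an authorised sender who mistypes the recipient gets a reject that does not say which check failed.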