On 5/6/2008, David le Blanc ([EMAIL PROTECTED]) wrote: > BTW, I find recipient validation is not as important as you would > imagine. Certainly mail to unknown users is normally bounced > immediately, but that merely assists in harvesting attacks.
I assume you mean REJECTed, not bounced... but it is a misconception that it 'assists in harvesting attacks... Most spam to non-existent addresses are not a result of 'harvesting attacks, but are plain/simple dictionary attacks. The difference is, in a dictionary attack (the vast majority), the sending bot does NOT take note of which addresses are rejected. So, you are doing a whole lot of unnecessary work, for little to ZERO gain. > I prefer to accept all email (which otherwise passes spam checking) > and validate that it is in fact junk. Apart from backscatter, which > seems to be a growing problem even with ASSP, most of the non-junk > misaddressed email is simply that. Usually due to the number of > unpronounceable European names in our (very small) organisation. Yes - and senders who make innocent mistakes (typos) are never informed that their email was never delivered. This is bad, but if you are OK with your users very probably losing legitimate mail, then that is your problem. >> If you do apply something like this, be damn sure you don't bounce >> messages to unknown recipients *after* accepting them through one >> of these catch-call type addresses. > Not sure where you are going with this. Why would a catch all address > bounce? Maybe you don't understand the difference between BOUNCE and REJECT? > And What would the problem be? Accepting mail for final delivery, then generating a BOUNCE message after the message has been accepted fro delivery is called backscatter... -- Best regards, Charles ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
