Ok, I didn't noticed how easy could spam pass this test. Thanks Scott.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, December 05, 2003 6:00 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] MAILFROM like Imail Test.. >Declude MAILFROM test check only the domain on the MAILFROM address >But we recive a lot of SPAM with mailfrom like this. <[EMAIL PROTECTED]> >since hotmail.com is a valid Domain, then the message pass the test > >Is there a test like the "Mailfrom" of Imail that test that the >user really exists on the remote server ?? No. The problem is that such a test is very resource intensive -- specifically, it will use about 10 times as much bandwidth as the MAILFROM test, and will often have false negatives (E-mail addresses that do not exist, but pass the test), and occasional false positives (E-mail addresses that do exist, but fail the test). Also, it will delay the delivery of the E-mail by anywhere from several seconds to a minute or so (lots of mailservers take a long time to respond to commands), as there are about 8 round trips that need to be made rather than just 1 -- and those round trips also require more effort on the remote end. Then, imagine if a spammer joe jobs you, using your E-mail address as the return address. If everyone plays this game, then your mailserver is going to receive thousands to millions of hits in a very short period of time, causing a DDoS attack on your server. So I'm not a big fan of this type of test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
