Right. But an automated bot can harvest valid addresses from 5xx responses to RCPT TOs very rapidly.
Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Durkee, Peter Sent: Wednesday, June 16, 2004 1:45 PM To: Exchange Discussions Subject: RE: Outbound Email Queue Exactly...with something like 80% of today's spam coming from zombie relays, and also having spoofed from addresses, I don't think the spammers can be paying close attention to the NDRs that come back. -Peter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jim Kennedy Sent: Wednesday, 16 June, 2004 12:29 To: Exchange Discussions Subject: RE: Outbound Email Queue Yes, that is defiantly the downside to doing it this way. But I went forward with it deciding that it is low risk that could pull that off. They would have to fire a lot of requests from a server that they can monitor the 5xx's on until they got a hit. And any one hitting my machine that hard for that long would be null routed in a heart beat. In most cases they don't operate that way, they hijack a machine upload their list and walk away. The from/reply addresses are faked so they can't monitor that........So far so good, we have been doing it for a few months now this way. But yes, it is a risk. JK -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP] Sent: Wednesday, June 16, 2004 3:18 PM To: Exchange Discussions Subject: RE: Outbound Email Queue I see. Doesn't that make it easier for the spammer to determine the valid addresses much easier? Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Kennedy Sent: Wednesday, June 16, 2004 12:12 PM To: Exchange Discussions Subject: RE: Outbound Email Queue Fix the typo? No that wasn't what I meant, my concern was alerting the sender of the typo (would the script you suggested do this?) With the AD check enabled the sending server would NDR the sender based upon the 5xx during the connection. When 2003 does the AD check it is during the connection, so it does not accept the message for delivery, it returns a fatal. So no NDR from your server is needed. So yes this takes all of the NDR's for invalid addresses out of your outbound queue. Works great. I have no outbound queue anymore. And this is with an ongoing dictionary attack of 5000 messages a day. JK -----Original Message----- From: On Behalf Of Ed Crowley [MVP] Sent: Wednesday, June 16, 2004 2:59 PM To: Exchange Discussions Subject: RE: Outbound Email Queue And that feature would fix typos and stop NDRs? Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Kennedy Sent: Wednesday, June 16, 2004 11:57 AM To: Exchange Discussions Subject: RE: Outbound Email Queue >-----Original Message----- >From: On Behalf Of Ed Crowley >If you upgrade to Exchange 2000 you can use the Catch-All Event Script to dump such messages without NDRs. But wouldn't that also dump accidental typo's to valid people, and the sender would never know they typo'd. Or recently terminated employees and clients have not yet been informed and no forward is yet set up. I vote Exch 2003 and the check recipients against AD check box. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =&lang=english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
