Re: Verisign changes violates RFC2821, and spam implications

[Stewart, William C (Bill), RTSLS]

Avleen Vig suggests that it's very wrong for Verisign's bad-domain catcher to
begin to accept SMTP messages and just reject all recipients with 550s
rather than rejecting the whole transaction with a 554.
I'm glad I'm not the only one who thinks that -
is there some conceivable case for which this system _would_ accept a message,
e.g. [EMAIL PROTECTED] ?
 
On the other hand, it has very interesting implications for spam handling.
While there are bad side effects that can be caused by Verisign's claim that
any non-existent domain name now exists (since it's harder to reject that mail),
the Internet now has one obvious happy destination for spam from harvested addresses.
If your spider bait starts leaving around [EMAIL PROTECTED] ... [EMAIL PROTECTED]
and thousands of similar addresses, the harvesters are going to start catching them
and sending them spam, and the less intelligent harvesters aren't going to validate 
the domains
against Verisign's IP address, and any badly administered machines with open smtp 
relays
are certainly not going to be checking for it, so they'll be creating SMTP sessions 
with Verisign.
 
It's even more fun with dictionary attacks, where the spammer targets [EMAIL PROTECTED]
through [EMAIL PROTECTED] - A DNS rejection would cause a direct attacker
or (more likely) a relay attacker to give up quickly, and a 554 might do that also,
while rejecting all 26**8 recipients one at a time is probably just the kind of 
behaviour 
that spamware is happy to talk to all day.   Now all Verisign needs to add is a 
teergrube function
to generate its responses very slowly after the first couple of them and they'll stay 
tied up for months,
especially since many of them won't notice that bogusdomain1.com through 
bogusdomain32767.com
are all going to the same IP address, since that's not uncommon virtual hosting 
behaviour.
 
                           bill.stewart at pobox.com