On Fri, 27 May 2016, Matus UHLAR - fantomas wrote:
Another one came onto my mind:
abuse@ address separation.
- mail to abuse@ should not be rejected as spam, even it it might be scanned
(it might be spam report and those should not be rejected)
- spams to abuse@ and other addresses should not be passed.
the way to work around these requirements is to temporarily deny all
non-abuse recipients when the first accepted(existing) one is abuse@,
Right.
and to temporarily deny abuse@ when non-abuse recipient was accepted.
What's the logic bahind that? What if the site is a hosting provider and
the abuse report was sent to both the abuse@ mailbox and the owner of the
specific sub-site that's involved in the abuse (e.g. malware hosting)?
Mail to abuse@ should *never* be denied for any reason other than the
mailbox doesn't exist. (And then I would suggest that the MTA should
transparently try to deliver the email to postmaster@, as you are
*supposed* to have an abuse@ address...)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
One death is a tragedy; thirty is a media sensation;
a million is a statistic. -- Joseph Stalin, modernized
-----------------------------------------------------------------------
3 days until Memorial Day - honor those who sacrificed for our liberty
