Re: "reject_unverified_recipient" and "unverified_recipient_reject_code" question

From: Paul Goyette (paulwhooppee.com)
Date: Thu Feb 07 2008 - 09:51:42 CST


On Thu, 7 Feb 2008, Alejandro Facultad wrote:

> Noel, I want people from Internet that send messages to nonexistent
> users from my domain they don't get an error code (550) but they must
> get a 250 success code. They don't have to know which mail accounts
> are valid or invalid, they must see ALL accounts as valid, because
> nowadays there are a lot of intruders getting our mail accounts,
> probing time after time via telnet port 25 and if they get code 250
> they get a valid account. We want the intruders always get code 250 so
> they can't discriminate between valid and invalid mail accounts.

This won't help you! It will only hurt!

Right now, if they get a 550 error, they know it's not a valid account
and won't send any more spam.

But with your "solution", they'll always get a 250 return, so they'll
think that every account is valid, and they'll continue sending to every
account whether or not it's valid.

Your solution results in MORE spam, not less. And from a security
perspective, it does NOT hide any of the "real" users so it can't
protect them.

> I work for a company with strong security policies for mail accounts.

And just how does your proposed "solution" address those policies?

----------------------------------------------------------------------
| Paul Goyette | PGP DSS Key fingerprint: | E-mail addresses: |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paulwhooppee.com |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyettejuniper.net |
----------------------------------------------------------------------
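
Added example, not part of Paul's message or of the thread: the probing described in the quoted question can be made visible while the 550 replies stay in place, by counting rejected RCPT commands per client in the mail log. The log lines are constructed samples in the usual Postfix smtpd reject format; the function name, the threshold and all addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation IP ranges and example.* domains).
SAMPLE_LOG = """\
Feb  7 09:40:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <adam@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<adam@example.com> proto=SMTP helo=<probe>
Feb  7 09:40:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <admin@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<admin@example.com> proto=SMTP helo=<probe>
Feb  7 09:40:03 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <info@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<info@example.com> proto=SMTP helo=<probe>
Feb  7 09:40:04 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <sales@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<sales@example.com> proto=SMTP helo=<probe>
Feb  7 09:40:05 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <Adam@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<Adam@example.com> proto=SMTP helo=<probe>
Feb  7 09:41:12 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 5.1.1 <jon@example.com>: Recipient address rejected: User unknown in local recipient table; from=<bob@example.org> to=<jon@example.com> proto=ESMTP helo=<mail.example.org>
Feb  7 09:41:30 mx postfix/qmgr[900]: 4F1A2C0: from=<bob@example.org>, size=1204, nrcpt=1 (queue active)
"""

# Matches an smtpd recipient rejection (4xx or 5xx) and captures the
# client IP, the reply code and the rejected recipient address.
REJECT_RE = re.compile(
    r"reject: RCPT from \S*?\[(?P<ip>[^\]]+)\]: (?P<code>[45]\d\d) "
    r".*?Recipient address rejected.*? to=<(?P<rcpt>[^>]*)>"
)


def probing_clients(log_text, min_distinct=3):
    """Return {client_ip: sorted rejected recipients} for clients that were
    refused on at least `min_distinct` different recipient addresses.

    A single rejection is usually a typo; many different unknown
    recipients from one client is the guessing pattern worth acting on.
    """
    rejected = defaultdict(set)
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if match:
            # Addresses are compared case-insensitively so that retries of
            # the same mailbox do not inflate the count.
            rejected[match.group("ip")].add(match.group("rcpt").lower())
    return {
        ip: sorted(rcpts)
        for ip, rcpts in rejected.items()
        if len(rcpts) >= min_distinct
    }


if __name__ == "__main__":
    for ip, rcpts in probing_clients(SAMPLE_LOG).items():
        print(f"{ip}: {len(rcpts)} distinct rejected recipients: {', '.join(rcpts)}")
```
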