From: Pawe³ Le¶niak (warlordlesniakowie.com)
Date: Thu Apr 24 2008 - 13:29:02 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The manner in which this is written is a bit abrasive and you may
> disagree with it, but it outlines the potential problems caused by
> VRFY, at least it lets you know some people get very mad about this:
>
> http://www.backscatterer.org/?target=sendercallouts
>
> In a nutshell, somebody sends out a flood of spam to your server and
> forges my e-mail address, now your server floods my server with a ton
> of VRFY when I had nothing to do with those e-mails in the first
> place, possibly causing an (albeit unintended) DoS on my server.
>
OK. I've read and mostly understand. But I do not agree fully. If
checking recipient is so bad, why greylisting is not? When greylisting
server has to reply with 450, and I can't really see a big difference.
And one more thing - if they accept making spamtraps how do they know if
I've just mistyped address, or I'm doing attack?

As long as SMTP is so opened to attacks, there will be a group of people
who think one thing is cool and the other not. Maybe it's time to make a
proposal for some standardization of anti-spam techniques.

Pawel Lesniak

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]