[35410] in bugtraq


Re: Is predictable spam filtering a vulnerability?

daemon@ATHENA.MIT.EDU (Kyle Wheeler)
Mon Jun 21 20:25:46 2004

Date: Sat, 19 Jun 2004 09:56:35 -0500
From: Kyle Wheeler <kyle-bugtraq@memoryhole.net>
To: bugtraq@securityfocus.com
Message-ID: <20040619145634.GA9644@kiowan.bar.forkit.org>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.58.0406170727510.5272@shishi.roaringpenguin.com>


--WIyZ46R2i8wDzkSu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jun 17, 2004 at 07:28:45AM -0400, David F. Skoll quoth:
> On Wed, 16 Jun 2004, R Armiento wrote:
>
> > However, 'C':s spam filter silently drops the email.
>
> In my opinion, any spam filter that silently drops e-mail is broken, and
> is indeed a security risk.  A spam filter MUST respond with a 500 SMTP
> failure code if it rejects a message.

A 4xx response code should also be acceptable in some cases (for
example, if an email is being rejected because the return address domain
doesn't resolve: which can only be treated as a temporary error).

The point is that the sender MUST eventually find out the mail didn't
get to its intended recipient.

~Kyle

-- 
The average Ph.D thesis is nothing but the transference of bones from one
graveyard to another.
-- J. Frank Dobie, "A Texan in England"

--WIyZ46R2i8wDzkSu
Content-Type: application/pgp-signature
Content-Disposition: inline


--WIyZ46R2i8wDzkSu--
