[35496] in bugtraq
Re: Is predictable spam filtering a vulnerability? (silently
daemon@ATHENA.MIT.EDU (der Mouse)
Fri Jun 25 18:42:59 2004
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Message-Id: <200406251952.PAA04972@Sparkle.Rodents.Montreal.QC.CA>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Date: Fri, 25 Jun 2004 15:49:27 -0400 (EDT)
To: bugtraq@securityfocus.com
In-Reply-To: <5.1.1.6.2.20040623143643.093de500@mail.professional.org>
>> A 5xx failure code is a lot more friendly than actually generating a
>> DSN.
> Well, you're causing the sending/relaying host to generate the DSN.
Only if the sending host is running a real MTA. If it's ratware
talking to you, it won't do anything of the sort. _That_ is the real
gain of an SMTP-layer rejection over accept-and-bounce: it doesn't
generate DSNs when talking to ratware.
> Quite possibly back to some sod who has been joe-jobbed.
But in that respect it's no worse than generating a DSN yourself.
Better sometimes and no worse the other times - sounds like a win.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
