> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:assp-test- > [EMAIL PROTECTED] On Behalf Of Charles Marcus > Sent: Tuesday, 6 May 2008 9:46 PM > To: ASSP development mailing list > Subject: Re: [Assp-test] Domainname translation > > On 5/6/2008, David le Blanc ([EMAIL PROTECTED]) wrote: > > BTW, I find recipient validation is not as important as you would > > imagine. Certainly mail to unknown users is normally bounced > > immediately, but that merely assists in harvesting attacks. > > I assume you mean REJECTed, not bounced... but it is a misconception > that it 'assists in harvesting attacks...
The difference is not important here. > Most spam to non-existent addresses are not a result of 'harvesting > attacks, but are plain/simple dictionary attacks. The difference is, in > a dictionary attack (the vast majority), the sending bot does NOT take > note of which addresses are rejected. A semantic difference which is arguably nothing more than a perception of intent.. If you are attacking my methods, try to stay focussed. > So, you are doing a whole lot of unnecessary work, for little to ZERO > gain. > > I prefer to accept all email (which otherwise passes spam checking) > > and validate that it is in fact junk. Apart from backscatter, which > > seems to be a growing problem even with ASSP, most of the non-junk > > misaddressed email is simply that. Usually due to the number of > > unpronounceable European names in our (very small) organisation. > > Yes - and senders who make innocent mistakes (typos) are never informed > that their email was never delivered. > > This is bad, but if you are OK with your users very probably losing > legitimate mail, then that is your problem. Any legitimate sender will always get an NDR for a failed delivery. The original comment was specifically describing the choice made between ASSP (or any other product) rejecting the incoming email at the perimeter based on recipient validation, versus accepting the mail for processing and later issuing an NDR due to an invalid recipient. Reiterating, I choose NOT to 'REJECT' email based on recipient, but rather forward to the email to the appropriate end point which can issue an NDR, allowing me to, at some later point in time, to review the email, possibly forwarding to the intended (or appropriate) recipient. > >> If you do apply something like this, be damn sure you don't bounce > >> messages to unknown recipients *after* accepting them through one > >> of these catch-call type addresses. > > > Not sure where you are going with this. Why would a catch all address > > bounce? > > Maybe you don't understand the difference between BOUNCE and REJECT? sigh... ditto. > > > And What would the problem be? > > Accepting mail for final delivery, then generating a BOUNCE message > after the message has been accepted fro delivery is called > backscatter... You are clearly bored. This appears to be little more than misinformed and thinly veiled personal attack. If you are so bored, here are some resources to help get you going again, maybe your next pointless attack could be less uninformed. Backscatter: http://www.spamresource.com/2007/02/backscatter-what-is-it-how-do-i-stop -it.html NDR: (aka bounce) http://www.webopedia.com/TERM/N/NDR.html And a hard one for you... Catchall Email Addresses; http://www.homebiztools.com/questions/catchall.htm > > Best regards, > Charles > > ----------------------------------------------------------------------- > -- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/ > javaone > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
