GrayHat wrote:
the problem then is... will the NDR sending MTA keep that header?
Or will it just throw it away? In the latter case the "X-Header" won't
be of any help; that's why I thought of "mangling" the mail address,
since that one WILL be used to send back the NDR

A good question. I'm not suggesting that it should block if it's missing
- but we should maybe block if it's wrong.

just to expand the idea a little; you can't be 100% sure the NDR will
contain any "useful data"; it may just be a plain vanilla mail message
w/o any attachments saying that the email you sent from the address
"x" to the mailbox "y" wasn't accepted for whatever reason; in such
a case there won't be anything to check/filter; on the other hand, even
if the MTA sending back the NDR will send a piece of (or the whole)
message attached or embedded, you can't be sure it won't be
"mangled" or it will contain the info you need

This is all true. But if it's not an impact on performance, perhaps this would be useful scoring criteria for the PB.

I'm more or less thinking out loud about ideas of things to do with and about backscatter. If a domain gets targeted for it, the PB could be useful in generating a profiled score for blocking IP sessions until it passes.

_______________________________________________
Assp-test mailing list
https://lists.sourceforge.net/lists/listinfo/assp-test