John Brooks wrote:
I've just received this response from a large corporate email
system regarding their claim that emails sent to them are not
getting through even though our logs contain acknowledgements
of accepting the mail sent.
In our mail logs:
... status=sent (250 Message accepted for delivery)
Their response:
... "my understanding of the <firmname removed> security policy
is not to acknowledge mistakes in email addresses as a best
practice defense against phishing and other types of email
delivered attacks."
Anybody run into this kind of logic before?
Yes, that's part of how greytrapping works:
http://www.openbsd.org/cgi-bin/man.cgi?query=spamd#GREYTRAPPING
I've seen other implementations do greytrapping for *every* invalid
address that comes through, too.
--
Matthew Weigel
hacker
unique & idempot . ent
