On 2009-12-26 Stan Hoeppner wrote: > Len Conrad put forth on 12/26/2009 3:49 PM: >> Requiring HELO is hardly an RFC-abusive setting. I expect almost no >> legit, nor illegit, SMTP servers send EXPN or VRFY before helo, > > I'll add that just about everyone disables VRFY these days to prevent > valid address harvesting,
Which, of course, is utterly pointless. HELO example.org MAIL FROM:<[email protected]> RCPT TO:<[email protected]> QUIT Either your domain's valid addresses can be enumerated, or you're a backscatterer. Take your pick. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
