On Thu, 05 Oct 2006 12:32:07 +0200, [EMAIL PROTECTED] wrote: >back a few years, some mail servers (e.g. qmail) disabled the verify command >to avoid address probing - and as a consequence would send bounces. >Nowadays, the majority of mail servers (apart from aol :) rejects unknown >users with a 5xx response to RCPT TO and thereby re-enables verification. >Apart from tarpitting too many recipients, what is common practice for >a server that detects verification attempts (i.e. successful rcpt followed >by quit) .... ignore, blacklist, other? > >Wolfgang Hamann
I can't speak for others, but our server policy is to allow (n) probes; should they all prove to be bad addresses the IP is banned for 24 hours. The probes don't all have to come at once, just from the same IP within any 24 hour period. This system works very well for dictionary attacks as well. Nigel
