On Sun, 26 Aug 2007, Dave Pooser wrote: > > Except that I can verify addresses after checking blacklists, RDNS and other > checks to make dictionary attacks harder on the spammers. It may be possible > to put ACLs on VRFY in Exim, but I haven't looked into it.
I don't believe dictionary attacks are a problem, except for the extra load they cause. The validity of normal email addresses is public information, so a dictionary attack doesn't tell the spammer anything they can't find out another way. If you want to create secret email addresses then you'll have to incorporate enough randomness that a dictionary attack will fail - relying on obscurity or 100% blacklist coverage isn't enough. Tony. -- f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/ IRISH SEA: SOUTHERLY, BACKING NORTHEASTERLY FOR A TIME, 3 OR 4. SLIGHT OR MODERATE. SHOWERS. MODERATE OR GOOD, OCCASIONALLY POOR.