RobertH wrote:
I'm doing an experimental free MX backup service and
wondering if it will get exploited. I'm wondering if I'm
overlooking anything obvious?
Here's the info on it:
http://www.free-mx-backup.com
The idea is that it detects if we are the secondary and not
the primary MX and will store and deliver email for those
domains. I'm trying to think if I'm leaving myself open for
anything I'm going to regret. If you were a spammer how would
you take advantage of this?

perkel,
there are several ways to attempt to exploit this.
the most obvious to me is that you cannot check for a validrcptto without
knowing all the valid email addresses and aliases etc that are available on
the authorized mail exchangers and/or final destination mail server(s)...
so, even if it does not appear to be spam, you may be accepting email for a
nonexistent email address and eventually that will bounce, eh?
need more?

What I plan to do is skip all bounce messages with this service but I
might try to make this smart. Maybe I could do a bounce message when the
sender is on one of my white lists and no bounce for anything questionable.
Yes - give me more reasons. The more I fix up front the less I'll have
to deal with later.
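
The bounce policy proposed in the last message, written out as an added example (not code from either poster or from the service itself): a backup MX that has already accepted mail decides what to do once the primary answers the recipient check. The whitelist contents, the addresses and the function names are assumptions made for illustration.

```python
from email.message import EmailMessage

# Constructed sample data; addresses and the whitelist are assumptions.
WHITELIST = {"alice@partner.example"}
POSTMASTER = "postmaster@backup-mx.example"


def normalize(envelope_from):
    """Lower-case an envelope sender; the null sender '<>' becomes ''."""
    return envelope_from.strip().strip("<>").lower()


def decide(envelope_from, primary_code, whitelist=WHITELIST):
    """Action for queued mail after the primary MX answers RCPT TO."""
    if primary_code < 400:
        return "delivered"
    if primary_code < 500:
        return "retry"            # 4xx is temporary: keep it queued
    sender = normalize(envelope_from)
    if not sender:
        return "discard"          # never bounce a bounce (null sender)
    if sender in whitelist:
        return "bounce"           # trusted sender: tell them it failed
    return "discard"              # questionable: a DSN here is backscatter


def build_dsn(envelope_from, rcpt, primary_reply):
    """Return (envelope_sender, message) for a minimal bounce notice."""
    dsn = EmailMessage()
    dsn["From"] = POSTMASTER
    dsn["To"] = normalize(envelope_from)
    dsn["Subject"] = "Undelivered mail returned to sender"
    dsn["Auto-Submitted"] = "auto-replied"   # RFC 3834: marks automatic mail
    dsn.set_content(
        f"Delivery to <{rcpt}> failed permanently.\n"
        f"The primary mail server said: {primary_reply}\n"
    )
    return "", dsn                # '' = MAIL FROM:<> so it cannot loop


if __name__ == "__main__":
    for sender, code in [("alice@partner.example", 550),
                         ("x9@forged.example", 550),
                         ("<>", 550),
                         ("alice@partner.example", 451)]:
        print(f"{sender!r:28} {code} -> {decide(sender, code)}")
```

The envelope sender is supplied by the connecting client, so a whitelist keyed on it alone only limits bounces to addresses you already trust; it does not prove the message came from them.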