David F. Skoll wrote:
This ignores client side spam filters, and doesn't really change the attack. The 500 message would be sent back to A, but not B, so B is still in the dark about C not receiving the emails.On Wed, 16 Jun 2004, R Armiento wrote:However, 'C':s spam filter silently drops the email.In my opinion, any spam filter that silently drops e-mail is broken, and is indeed a security risk. A spam filter MUST respond with a 500 SMTP failure code if it rejects a message. Regards, David.
jon