Re: Is predictable spam filtering a vulnerability?

To: dfs@xxxxxxxxxxxxxxxxxx
Subject: Re: Is predictable spam filtering a vulnerability?
From: Jon Fiedler <jmf9@xxxxxxxx>
Date: Fri, 18 Jun 2004 19:49:29 -0500
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.58.0406170727510.5272@xxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200406161326.AA304546076@xxxxxxxxxxx> <Pine.LNX.4.58.0406170727510.5272@xxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: jmf9@xxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

David F. Skoll wrote:

On Wed, 16 Jun 2004, R Armiento wrote:

However, 'C':s spam filter silently drops the email.


In my opinion, any spam filter that silently drops e-mail is broken, and
is indeed a security risk.  A spam filter MUST respond with a 500 SMTP
failure code if it rejects a message.

Regards,

David.

This ignores client side spam filters, and doesn't really change theattack. The 500 message would be sent back to A, but not B, so B isstill in the dark about C not receiving the emails.

jon

Follow-Ups:
- Re: Is predictable spam filtering a vulnerability?
  - From: David F. Skoll

References:
- Is predictable spam filtering a vulnerability?
  - From: R Armiento
- Re: Is predictable spam filtering a vulnerability?
  - From: David F. Skoll

Prev by Date: Re: Is predictable spam filtering a vulnerability?
Next by Date: Re: Is predictable spam filtering a vulnerability?
Previous by thread: Re: Is predictable spam filtering a vulnerability?
Next by thread: Re: Is predictable spam filtering a vulnerability?
Index(es):
- Date
- Thread