<<< Date Index >>>     <<< Thread Index >>>

Re: Is predictable spam filtering a vulnerability?



On Thu, Jun 17, 2004 at 07:28:45AM -0400, David F. Skoll quoth:
> On Wed, 16 Jun 2004, R Armiento wrote:
> 
> > However, 'C':s spam filter silently drops the email.
> 
> In my opinion, any spam filter that silently drops e-mail is broken, and
> is indeed a security risk.  A spam filter MUST respond with a 500 SMTP
> failure code if it rejects a message.

A 4xx response code should also be acceptable in some cases (for
example, if an email is being rejected because the return address domain
doesn't resolve: which can only be treated as a temporary error).

The point is that the sender MUST eventually find out the mail didn't
get to it's intended recipient.

~Kyle

-- 
The average Ph.D thesis is nothing but the transference of bones from one
graveyard to another.
-- J. Frank Dobie, "A Texan in England"

Attachment: pgpYnRe1YUStS.pgp
Description: PGP signature