Re: Is predictable spam filtering a vulnerability? (silently dropping messages)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
From: der Mouse <mouse@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 25 Jun 2004 15:49:27 -0400 (EDT)
In-reply-to: <5.1.1.6.2.20040623143643.093de500@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20040622142002.GB2855@xxxxxxxxxxxxxxxx> <200406161326.AA304546076@xxxxxxxxxxx> <Pine.LNX.4.58.0406170727510.5272@xxxxxxxxxxxxxxxxxxxxxxxxx> <20040622142002.GB2855@xxxxxxxxxxxxxxxx> <5.1.1.6.2.20040623143643.093de500@xxxxxxxxxxxxxxxxxxxxx>

>> A 5xx failure code is a lot more friendly than actually generating a
>> DSN.
> Well, you're causing the sending/relaying host to generate the DSN.

Only if the sending host is running a real MTA.  If it's ratware
talking to you, it won't do anything of the sort.  _That_ is the real
gain of an SMTP-layer rejection over accept-and-bounce: it doesn't
generate DSNs when talking to ratware.

> Quite possibly back to some sod who has been joe-jobbed.

But in that respect it's no worse than generating a DSN yourself.
Better sometimes and no worse the other times - sounds like a win.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@xxxxxxxxxxxxxxxxxxxxxx
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

References:
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
  - From: Martin Mačok
- Is predictable spam filtering a vulnerability?
  - From: R Armiento
- Re: Is predictable spam filtering a vulnerability?
  - From: David F. Skoll
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
  - From: Sean Straw / PSE

Prev by Date: Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181
Next by Date: [SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy
Previous by thread: Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
Next by thread: Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
Index(es):
- Date
- Thread