| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: JThomas at poweronemedia.com (Joshua Thomas) Subject: VeriSign's fake SMTP server for SiteFinder > But why they wait until the DATA command is a total mystery to me. It > seems much more logical to bounce the message after the RCPT TO: > command. <conspiracy theory> To read our mail? </conspiracy theory> By the way, looks like they switched to Postfix? ibanix@...xxx:~$ telnet sdf435a.com 25 Trying 64.94.110.11... Connected to sdf435a.com. Escape character is '^]'. 220 sitefinder.verisign.com VeriSign mail rejector (Postfix) ^CConnection closed by foreign host. Joshua Thomas > > Hope this helps, > > Dan > > > > > > > On Mon, 2003-09-22 at 20:13, Richard M. Smith wrote: > > Hello, > > > > Does anyone know why Verisign has set up a fake SMTP server at their > > SiteFinder service to bounce email messages sent to misspelled or > > expired domain names? The fake SiteFinder SMTP server gives the > > impression that it is a real SMTP server and happily > accepts "To" and > > "From" email addresses before rejecting a misdirected email > message. > > > > I don't quite understand what technical issues Verisign is trying to > > solve here with a fake server. Any guesses? > > > > I've attached an early email from Verisign that gives a bit more > > information about how this fake SMTP server operates but > not why it is > > needed. > > > > Richard M. Smith > > http://www.ComputerBytesMan.com > > > > ======================================== > > > > -----Original Message----- > > From: sitefinder@...isign-grs.com [mailto:sitefinder@...isign-grs.com] > Sent: Saturday, September 20, 2003 4:03 PM > To: Richard M. Smith > Subject: Re: Verisign's SiteFinder also breaks Outlook > (KMM988642V87763L0KM) > > Dear Richard, > > We wanted to pass along a recent update we made our email Bounce server: > > One piece of feedback we received multiple times after the addition of > the wildcard A record to the .com/.net zones concerned snubby, our > SMTP mail rejection server. This server was designed to be the most > modest of SMTP implementations and supported only the most common > sequence of SMTP commands. > > In response to this feedback, we have deployed an alternate SMTP > implementation using Postfix that should address many of the concerns > we've heard. Like snubby, this server rejects any mail sent to it (by > returning 550 in response to any number of RCPT TO commands). > > We would like to state for the record that the only purpose of this > server is to reject mail immediately to avoid its remaining in MTA > queues throughout the Internet. We are specifically not retaining, > nor do we have any intention to retain, any email addresses from these > SMTP transactions. In fact, to achieve sufficient performance, all > logging has been disabled. > > Refer to our General & Technical FAQs regarding other questions on the > new Site Finder service. They are located at: > > http://www.verisign.com/nds/naming/sitefinder/ > > We remain committed to ensuring that Site Finder improves Web navigation > and the user experience. > > Thank you. > > Best Regards, > > Customer Service > VeriSign, Inc. > www.verisign.com > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030922/1e40dfdc/attachment.html
Powered by blists - more mailing lists