[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040619145634.GA9644@kiowan.bar.forkit.org>
Date: Sat, 19 Jun 2004 09:56:35 -0500
From: Kyle Wheeler <kyle-bugtraq@...oryhole.net>
To: bugtraq@...urityfocus.com
Subject: Re: Is predictable spam filtering a vulnerability?
On Thu, Jun 17, 2004 at 07:28:45AM -0400, David F. Skoll quoth:
> On Wed, 16 Jun 2004, R Armiento wrote:
>
> > However, 'C':s spam filter silently drops the email.
>
> In my opinion, any spam filter that silently drops e-mail is broken, and
> is indeed a security risk. A spam filter MUST respond with a 500 SMTP
> failure code if it rejects a message.
A 4xx response code should also be acceptable in some cases (for
example, if an email is being rejected because the return address domain
doesn't resolve: which can only be treated as a temporary error).
The point is that the sender MUST eventually find out the mail didn't
get to it's intended recipient.
~Kyle
--
The average Ph.D thesis is nothing but the transference of bones from one
graveyard to another.
-- J. Frank Dobie, "A Texan in England"
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists