Message-ID: <20040619145634.GA9644@kiowan.bar.forkit.org>
Date: Sat, 19 Jun 2004 09:56:35 -0500
From: Kyle Wheeler <kyle-bugtraq@...oryhole.net>
To: bugtraq@...urityfocus.com
Subject: Re: Is predictable spam filtering a vulnerability?

On Thu, Jun 17, 2004 at 07:28:45AM -0400, David F. Skoll quoth:
> On Wed, 16 Jun 2004, R Armiento wrote:
> 
> > However, 'C':s spam filter silently drops the email.
> 
> In my opinion, any spam filter that silently drops e-mail is broken, and
> is indeed a security risk.  A spam filter MUST respond with a 500 SMTP
> failure code if it rejects a message.

A 4xx response code should also be acceptable in some cases (for
example, if an email is being rejected because the return address domain
doesn't resolve: which can only be treated as a temporary error).

The point is that the sender MUST eventually find out the mail didn't
get to its intended recipient.

~Kyle

-- 
The average Ph.D thesis is nothing but the transference of bones from one
graveyard to another.
-- J. Frank Dobie, "A Texan in England"
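
An added example, not part of the original message: a log audit that flags the silent-drop case discussed above, where a message is accepted with a 2xx reply and then discarded with no delivery and no bounce. The log format, field names and sample lines are constructed for illustration and do not come from any real MTA.

```python
import re
from collections import defaultdict

# Constructed sample log in a hypothetical key=value format (assumption).
SAMPLE_LOG = """\
qid=A1 event=smtp_reply code=250
qid=A1 event=filter verdict=spam action=discard
qid=B2 event=smtp_reply code=550
qid=C3 event=smtp_reply code=451
qid=D4 event=smtp_reply code=250
qid=D4 event=delivered
qid=E5 event=smtp_reply code=250
qid=E5 event=filter verdict=spam action=discard
qid=E5 event=bounce_sent
qid=F6 event=smtp_reply code=250
""".splitlines()

FIELD = re.compile(r"(\w+)=(\S+)")

def classify(lines):
    """Map each queue id to one outcome: rejected_5xx, deferred_4xx,
    delivered, bounced, silent_drop, or pending (accepted, no final event)."""
    events = defaultdict(list)
    for line in lines:
        rec = dict(FIELD.findall(line))
        if "qid" in rec:
            events[rec["qid"]].append(rec)
    outcomes = {}
    for qid, recs in events.items():
        codes = [r["code"] for r in recs if r.get("event") == "smtp_reply"]
        kinds = {r.get("event") for r in recs}
        discarded = any(r.get("action") == "discard" for r in recs)
        if any(c.startswith("5") for c in codes):
            outcomes[qid] = "rejected_5xx"   # sender told at SMTP time
        elif any(c.startswith("4") for c in codes):
            outcomes[qid] = "deferred_4xx"   # sender's MTA retries, then bounces
        elif "delivered" in kinds:
            outcomes[qid] = "delivered"
        elif "bounce_sent" in kinds:
            outcomes[qid] = "bounced"        # sender told after acceptance
        elif discarded:
            outcomes[qid] = "silent_drop"    # accepted, dropped, nobody told
        else:
            outcomes[qid] = "pending"
    return outcomes

def silent_drops(lines):
    # Queue ids whose sender never learns that the mail was not delivered.
    return sorted(q for q, o in classify(lines).items() if o == "silent_drop")
```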
