lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <01fb01c3813d$aa6e4f50$550ffea9@rms>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: VeriSign's fake SMTP server for SiteFinder

Hello,

Does anyone know why Verisign has set up a fake SMTP server at their
SiteFinder service to bounce email messages sent to misspelled or
expired domain names?  The fake SiteFinder SMTP server gives the
impression that it is a real SMTP server and happily accepts "To" and
"From" email addresses before rejecting a misdirected email message.  

I don't quite understand what technical issues Verisign is trying to
solve here with a fake server.  Any guesses?

I've attached an early email from Verisign that gives a bit more
information about how this fake SMTP server operates but not why it is
needed.

Richard M. Smith
http://www.ComputerBytesMan.com

========================================

-----Original Message-----
From: sitefinder@...isign-grs.com [mailto:sitefinder@...isign-grs.com] 
Sent: Saturday, September 20, 2003 4:03 PM
To: Richard M. Smith
Subject: Re: Verisign's SiteFinder also breaks Outlook
(KMM988642V87763L0KM)

Dear Richard,

We wanted to pass along a recent update we made our email Bounce server:

One piece of feedback we received multiple times after the addition of
the wildcard A record to the .com/.net zones concerned snubby, our
SMTP mail rejection server.  This server was designed to be the most
modest of SMTP implementations and supported only the most common
sequence of SMTP commands.

In response to this feedback, we have deployed an alternate SMTP
implementation using Postfix that should address many of the concerns
we've heard.  Like snubby, this server rejects any mail sent to it (by
returning 550 in response to any number of RCPT TO commands).

We would like to state for the record that the only purpose of this
server is to reject mail immediately to avoid its remaining in MTA
queues throughout the Internet.  We are specifically not retaining,
nor do we have any intention to retain, any email addresses from these
SMTP transactions.  In fact, to achieve sufficient performance, all
logging has been disabled.

Refer to our General & Technical FAQs regarding other questions on the 
new Site Finder service. They are located at:

http://www.verisign.com/nds/naming/sitefinder/

We remain committed to ensuring that Site Finder improves Web navigation
and the user experience.

Thank you.

Best Regards,

Customer Service
VeriSign, Inc.
www.verisign.com





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ