lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.44.0309221535440.26387-100000@kepler.acns.bethel.edu>
From: b-nordquist at bethel.edu (Brent J. Nordquist)
Subject: VeriSign's fake SMTP server for SiteFinder

On Mon, 22 Sep 2003, Richard M. Smith <rms@...puterbytesman.com> wrote:

> Does anyone know why Verisign has set up a fake SMTP server at their
> SiteFinder service to bounce email messages sent to misspelled or
> expired domain names?

Yeah; it's outlined in their "best practices" document.  Here's the email 
they sent with a pointer to the PDF:

http://www1.ietf.org/mail-archive/ietf/Current/msg22244.html

The upshot is that now, instead of my mail server being able to reject 
mail from bogus (non-existent) domains, it sits in my mail spool while I 
try to contact "snubby" their little SMTP rejector, which (last time I 
looked) isn't handling the load very well.

Needless to say this does not make me happy, and I would not apply the
label "best practices" to what VeriSign is doing.

-- 
Brent J. Nordquist <b-nordquist@...hel.edu> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ