[Mimedefang] Removing read receipts for particular account.
David F. Skoll
dfs at roaringpenguin.com
Fri May 7 00:09:04 EDT 2004
On Fri, 7 May 2004, Mark Suter wrote:
> Automaticaly generated emails such as return receipts, delivery notices,
> read receipts and out of office replies provide a wealth of information
> to a potential attacker, for example,
> * operating systems and versions
> * email server software and versions
> * email client software and versions
> * email architecture
Most of this info can be gleaned by other means, so dropping return
receipts to avoid revealing this is a bit pointless, IMO. Furthermore,
you should assume that an attacker has full knowledge of your network
anyway.
> Also consider dropping outbound NDN notices,
Please don't do that. NDN's were invented for a reason: To make e-mail
reliable. If you drop NDN's, you chip away at e-mail's reliability,
which is worse for people's confidence in e-mail than spam.
Regards,
David.
More information about the MIMEDefang
mailing list