[Mimedefang] how to disable notify=success
Aleksandar Milivojevic
alex at milivojevic.org
Thu Nov 17 12:03:20 EST 2005
Quoting "Kevin A. McGrail" <kmcgrail at pccc.com>:
> I have to concur but I'll give you more ammunition.
>
> This is pretty broken and large ISPs like AOL and Yahoo may block
> mail servers that do not accept bounces.
>
> For example, from: http://postmaster.aol.com/guidelines/standards.html
>
> AOL may reject connections from senders who are unable to accept at
> least 90% of the bounce-return messages (mailer-daemon failure/error
> messages) destined for their systems.
Which in turn is also broken. To make a DOS attack (prevent AOL
subscribers to
send email to particular domain), one would just generate bunch of emails to
non-existing AOL addresses that would have envelope sender set to non-existing
user at particular domain. Attacker generates fake emails, AOL generates
bounces, bounces fail, AOL blocks domain. Nice.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the MIMEDefang
mailing list