[Mimedefang] how to disable notify=success

Aleksandar Milivojevic alex at milivojevic.org
Thu Nov 17 12:03:20 EST 2005

Quoting "Kevin A. McGrail" <kmcgrail at pccc.com>:

> I have to concur but I'll give you more ammunition.
> This is pretty broken and large ISPs like AOL and Yahoo may block 
> mail servers that do not accept bounces.
> For example, from: http://postmaster.aol.com/guidelines/standards.html
>  AOL may reject connections from senders who are unable to accept at 
> least 90% of the bounce-return messages (mailer-daemon failure/error 
> messages) destined for their systems.

Which in turn is also broken.  To make a DOS attack (prevent AOL 
subscribers to
send email to particular domain), one would just generate bunch of emails to
non-existing AOL addresses that would have envelope sender set to non-existing
user at particular domain.  Attacker generates fake emails, AOL generates
bounces, bounces fail, AOL blocks domain.  Nice.

This message was sent using IMP, the Internet Messaging Program.

More information about the MIMEDefang mailing list