[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: sorbs blacklisting scam

On Sat, Apr 29, 2006 at 08:33:22PM -0700, Mike Bird wrote:
> You are mistaken Craig.  Consider our case.  A spam was sent
> with the sender's address forged as one of SORBS's honeypots.
> Although I lot of spam is rejected during SMTP delivery, this
> was accepted and subsequently bounced.  Unlike reputable RBLs,
> SORBS does not filter bounces of forgeries.

There is no valid reason whatsoever to send bounces for spam. If you have a
system that can be used as a reflector to send me spam, I personally want
it blocked. They are basically behaving as open relays, they only add an
error header.

All well designed MTA's are built so that all instances on a system can
refuse undeliverable mail during the SMTP transaction. Dropping spam after
that should be done silently, via a quarantine, or not at all. Even
substandard MTA's such as qmail tend to have 3rd party patches to fix this
security vulnerability.

Reflectors have been used for so much abuse, both spam and denial of service
(not limited to email) attacks that there really is no excuse.

Attachment: signature.asc
Description: Digital signature

Reply to: