From: Micheal E. Jr <mi...@es...> - 2008-06-06 15:54:35
GrayHat wrote:
>>> the problem then is... will the NDR sending MTA keep that header?
>>> Or will it just throw it away? In the latter case the "X-Header" won't
>>> be of any help; that's why I thought to "mangling" the mail address
>>> since that one WILL be used to send back the NDR
>>
>> A good question. I'm not suggesting that it should block if it's missing
>> - but we should maybe block if it's wrong.
>
> just to expand the idea a little; you can't be 100% sure the NDR will
> contain any "useful data"; it may just be a plain vanilla mail message
> w/o any attachments saying that the email you sent from the address
> "x" to the mailbox "y" wasn't accepted for whatever reason; in such
> a case there won't be anything to check/filter; on the other hand, even
> if the MTA sending back the NDR will send a piece of (or the whole)
> message attached or embedded, you can't be sure it won't be
> "mangled" or it will contain the info you need

This is all true. But if it's not an impact on performance, perhaps this would be useful scoring criteria for the PB. I'm more or less thinking out loud about ideas of things to do with and about backscatter. If a domain gets targeted for it, the PB could be useful in generating a profiled score for blocking IP sessions until it passes.