From: Bojan Z. <Bojan.Zdrnja@LSS.hr> - 2005-07-26 22:15:30
|
> -----Original Message----- > From: ama...@li... > [mailto:ama...@li...] On Behalf Of Gary V > Sent: Tuesday, 26 July 2005 4:05 a.m. > To: Stuart Johnston > Cc: ama...@li... > Subject: Re: [AMaViS-user] FINAL DECISION: Will our machine handle it > > I've read that Exchange 2003: > "Exchange can now be set up to refuse messages for nonexistent users, > and you can choose not to send a non-delivery receipt (NDR) when a > message arrives for a nonexistent user. This prevents the common > dictionary attack where a spammer tries to determine which e-mail > addresses are valid in your domain by sending test e-mails to > thousands of names and watching for NDRs. > > So it looks like Redmond is shifting its philosophy, but like I said, > IMHO not sending reject notices (at least for nonexistent > users) is dangerous. Exactly! In my opinion, silently discarding e-mails for non existent users is even worse then sending bounces. Why is that? Because the end user can't expect reliable e-mail delivery anymore. He can't be sure that he didn't mistype recipient's e-mail address anymore - this "solution" won't send a NDN and the sender won't know that his message wasn't received by the recipient. Therefore (as it can be already seen :), I'm strongly for rejecting non existent users at the front end. Yes, there are some negative sides about this (makes it easier to harvest working e-mail addresses), but I think that the benefit of not deailing with bouncers greatly overweights this. Cheers, Bojan |