Bugtraq mailing list archives

Re: Is predictable spam filtering a vulnerability?

From: Jon Fiedler <jmf9 () cwru edu>
Date: Fri, 18 Jun 2004 19:49:29 -0500

David F. Skoll wrote:

On Wed, 16 Jun 2004, R Armiento wrote:

However, 'C':s spam filter silently drops the email.


In my opinion, any spam filter that silently drops e-mail is broken, and
is indeed a security risk.  A spam filter MUST respond with a 500 SMTP
failure code if it rejects a message.

Regards,

David.

This ignores client side spam filters, and doesn't really change theattack. The 500 message would be sent back to A, but not B, so B isstill in the dark about C not receiving the emails.

jon

Current thread:

Is predictable spam filtering a vulnerability? R Armiento (Jun 16)
- Re: Is predictable spam filtering a vulnerability? Joel Eriksson (Jun 18)
  - Re: Is predictable spam filtering a vulnerability? Jason Coombs (Jun 19)
  - Re: Is predictable spam filtering a vulnerability? Bill Burge (Jun 19)
  - Re: Is predictable spam filtering a vulnerability? Sean Straw / PSE (Jun 19)
- RE: Is predictable spam filtering a vulnerability? Aaron Cake (Jun 18)
  - Re: Is predictable spam filtering a vulnerability? Chris Brown (Jun 21)
- RE: Is predictable spam filtering a vulnerability? Hamlesh Motah (Jun 18)
- Re: Is predictable spam filtering a vulnerability? David F. Skoll (Jun 18)
  - Re: Is predictable spam filtering a vulnerability? Jon Fiedler (Jun 19)
    - Re: Is predictable spam filtering a vulnerability? David F. Skoll (Jun 19)
  - Re: Is predictable spam filtering a vulnerability? Kyle Wheeler (Jun 21)
  - Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Martin Mačok (Jun 22)
    - Re: Is predictable spam filtering a vulnerability? (silently dropping messages) David F. Skoll (Jun 23)
    - Re: Is predictable spam filtering a vulnerability? (silently dropping messages) der Mouse (Jun 24)
    - Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Valdis . Kletnieks (Jun 24)
  - Re: Is predictable spam filtering a vulnerability? Luca Berra (Jun 22)
    - Re: Is predictable spam filtering a vulnerability? Sean Straw / PSE (Jun 24)
    - Re: Is predictable spam filtering a vulnerability? John Fitzgibbon (Jun 24)
    - Re: Is predictable spam filtering a vulnerability? Sean Straw / PSE (Jun 25)

(Thread continues...)