Penetration Testing mailing list archives
Re: Discovering users by RCPT TO
From: Baltasar Cevc <baltasar () cevc-topp de>
Date: Sun, 16 Jan 2005 18:26:31 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bassett, Mark wrote: | A better way of doing an "authorized user list", is to accept mail for | every address at your domain, but toss it into the bit bucket if it's | not a valid recipient. The major difference being that you accept the | message regardless, it just never gets delivered. Lots of anti-spam | products provide this ability. Ciphertrust Ironmail, and Clearswift | MimeSweeper are both anti-spam vendors that do this that I can think of | offhand. However, using that feature will have a rather nasty side effect of not letting legitimate users know that their mail has not been delivered. And at least here in Germany, knowingly not delivering mail is illegal; although these mails cannot be delivered, I suppose you may be liable to let the sender know (at least if it is a human ;-) Baltasar -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6qPHp2YsmzTbIwYRAiDYAJ99CmbUzHwpr+gKeHocTY7h+hVMOwCfeMQL m2gy8vWwTq8OXC4OR05ZAss= =oBNA -----END PGP SIGNATURE-----
Current thread:
- Re: Discovering users by RCPT TO, (continued)
- Re: Discovering users by RCPT TO GuidoZ (Jan 13)
- Re: Discovering users by RCPT TO Martin Fallon (Jan 13)
- Re: Discovering users by RCPT TO Kiril Todorov (Jan 13)
- Re: Discovering users by RCPT TO Chris Buechler (Jan 13)
- Re: Discovering users by RCPT TO Jay D. Dyson (Jan 14)
- Re: Discovering users by RCPT TO Vince Hoang (Jan 14)
- Re: Discovering users by RCPT TO dmz (Jan 14)
- Re: Discovering users by RCPT TO Matan Peled (Jan 15)
- Re: Discovering users by RCPT TO Faisal Khan (Jan 15)
- Re: Discovering users by RCPT TO Chris Buechler (Jan 13)
- Re: Discovering users by RCPT TO GuidoZ (Jan 13)
- Re: Discovering users by RCPT TO Baltasar Cevc (Jan 17)
- Re: Discovering users by RCPT TO Tobias Glemser (Jan 20)