Re: [BULK] Re: SORBS contact

[William Herrin <bill () herrin us>]

On Sat, Jul 30, 2011 at 10:12 AM,  <Valdis.Kletnieks () vt edu> wrote:
> Hint:  If somebody forges a subscription request from 'nosuchuser () herrin us',
> do you want the resulting "Somebody has requested this email address to be
> added to the foobar-l list, please click or reply within 48 hours to confirm"
> mail to show up with a <> so you can skip generating the bounce, or do you want
> it to have a non-null return path so you're forced to generate a bounce that
> will be ignored at the other end anyhow?  Does your answer change if some
> skript kiddie forges 10,000 requests?

1. nosuchuser () herrin us rejects during the smtp session, so it makes
no difference to my server resource consumption either way.

2. I assume the subscription request came from a web page because if
it was from an email request you received then you ignored my SPF
records when generating the confirmation request. That was OK in 2001
but in 2011 you ought not be doing that.

3. If you happen to hit my real email address and it isn't caught by
my spam filter, then all 10,000 show up in my mailbox whether you used
a null return path or not. This will annoy me and when I examine the
message and notice that you engaged in fire and forget behavior so
that you wouldn't be bothered by the fact that you flooded my mailbox,
all bets are off.

So, if you want to do me a favor (as opposed to doing yourself a
favor), process the messages I bounce at you and like a responsible
person, try to do something intelligent with the results.

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004