On 1/3/06, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: > Hi Danny, > > Time for some Windows Network education for you. CIL... Time for some RFC education from our friends at Microsoft... http://support.microsoft.com/kb/842851 [...] "As previously discussed, suppressing NDRs is not an RFC-compliant practice.Therefore, suppressing NDRs cannot be generally recommended. Suppressing NDRs also inconveniences the ordinary user who makes a typographical error in the recipient address when he or she sends an e-mail message. The typical expectation of e-mail senders is that unless an NDR is returned, the e-mail message has reached its destination. If the recipient filtering feature is enabled, you may be more at risk from a harvest attack. However, you are also less susceptible to being used as the vector for an NDR flood attack. An NDR flood attack is where a sender deliberately spoofs the return address for a valid domain and then sends invalid e-mail messages to you purporting to be from that domain. Your server then dutifully floods the victim domain with multiple NDR reports." [...] Ahh, the big bad directory harvest attack, well it is moot if your mail server accepts email sent to any recipients within your domain regardless of whether or not they exist. Anyway, I am off to bed and we are way off topic - sorry for the noise folks. Thanks for today's lesson, Dr. Tom. Remember kids, Uncle Danny says to shoot for RFC compliance and best practices. ...D