Re: How I spent my Christmas vacation - Email found in subject
- From: Danny <nocmonkey@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 4 Jan 2006 00:19:50 -0500
On 1/3/06, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
> Hi Danny,
>
> Time for some Windows Network education for you. CIL...
Time for some RFC education from our friends at Microsoft...
http://support.microsoft.com/kb/842851
[...]
"As previously discussed, suppressing NDRs is not an RFC-compliant
practice.Therefore, suppressing NDRs cannot be generally recommended.
Suppressing
NDRs also inconveniences the ordinary user who makes a typographical error
in the recipient address when he or she sends an e-mail message. The typical
expectation of e-mail senders is that unless an NDR is returned, the e-mail
message has reached its destination.
If the recipient filtering feature is enabled, you may be more at risk from
a harvest attack. However, you are also less susceptible to being used as
the vector for an NDR flood attack. An NDR flood attack is where a sender
deliberately spoofs the return address for a valid domain and then sends
invalid e-mail messages to you purporting to be from that domain. Your
server then dutifully floods the victim domain with multiple NDR reports."
[...]
Ahh, the big bad directory harvest attack, well it is moot if your mail
server accepts email sent to any recipients within your domain regardless of
whether or not they exist.
Anyway, I am off to bed and we are way off topic - sorry for the noise
folks. Thanks for today's lesson, Dr. Tom.
Remember kids, Uncle Danny says to shoot for RFC compliance and best
practices.
...D
Other related posts:
