[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[BULK] Re: SORBS contact



On Sat, Jul 30, 2011 at 10:12 AM,  <Valdis.Kletnieks at vt.edu> wrote:
> Hint: ?If somebody forges a subscription request from 'nosuchuser at herrin.us',
> do you want the resulting "Somebody has requested this email address to be
> added to the foobar-l list, please click or reply within 48 hours to confirm"
> mail to show up with a <> so you can skip generating the bounce, or do you want
> it to have a non-null return path so you're forced to generate a bounce that
> will be ignored at the other end anyhow? ?Does your answer change if some
> skript kiddie forges 10,000 requests?

1. nosuchuser at herrin.us rejects during the smtp session, so it makes
no difference to my server resource consumption either way.

2. I assume the subscription request came from a web page because if
it was from an email request you received then you ignored my SPF
records when generating the confirmation request. That was OK in 2001
but in 2011 you ought not be doing that.

3. If you happen to hit my real email address and it isn't caught by
my spam filter, then all 10,000 show up in my mailbox whether you used
a null return path or not. This will annoy me and when I examine the
message and notice that you engaged in fire and forget behavior so
that you wouldn't be bothered by the fact that you flooded my mailbox,
all bets are off.

So, if you want to do me a favor (as opposed to doing yourself a
favor), process the messages I bounce at you and like a responsible
person, try to do something intelligent with the results.

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin at dirtside.com? bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004