|
|
BugTraq
Is predictable spam filtering a vulnerability? Jun 16 2004 11:26AM R Armiento (rar_bt armiento se) (7 replies) Re: Is predictable spam filtering a vulnerability? Jun 17 2004 05:27PM Joel Eriksson (je-secfocus bitnux com) (3 replies) Re: Is predictable spam filtering a vulnerability? Jun 18 2004 08:57PM Jason Coombs (jasonc science org) Re: Is predictable spam filtering a vulnerability? Jun 18 2004 06:52PM PSE-L mail professional org (Sean Straw / PSE) RE: Is predictable spam filtering a vulnerability? Jun 17 2004 02:18PM Aaron Cake (aaron vltpm com) (1 replies) Re: Is predictable spam filtering a vulnerability? Jun 21 2004 01:23PM Chris Brown (chris wavetex com) Re: Is predictable spam filtering a vulnerability? Jun 17 2004 11:28AM David F. Skoll (dfs roaringpenguin com) (4 replies) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 22 2004 02:20PM Martin Maèok (martin macok underground cz) (2 replies) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 24 2004 07:15AM Valdis Kletnieks vt edu Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 23 2004 12:53AM David F. Skoll (dfs roaringpenguin com) (2 replies) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 23 2004 10:46PM der Mouse (mouse Rodents Montreal QC CA) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 23 2004 09:48PM PSE-L mail professional org (Sean Straw / PSE) (2 replies) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 25 2004 07:49PM der Mouse (mouse Rodents Montreal QC CA) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 25 2004 05:35PM Seth Breidbart (sethb panix com) Re: Is predictable spam filtering a vulnerability? Jun 20 2004 01:52PM Luca Berra (bluca comedia it) (3 replies) Re: Is predictable spam filtering a vulnerability? Jun 24 2004 08:32PM Michael A. Dickerson (mikey singingtree com) Re: Is predictable spam filtering a vulnerability? Jun 23 2004 05:07PM PSE-L mail professional org (Sean Straw / PSE) (2 replies) Re: Is predictable spam filtering a vulnerability? Jun 24 2004 07:42PM The Fungi (fungi yuggoth org) Re: Is predictable spam filtering a vulnerability? Jun 24 2004 05:44PM John Fitzgibbon (bugtraq jfitz com) (1 replies) Re: Is predictable spam filtering a vulnerability? Jun 25 2004 05:08AM PSE-L mail professional org (Sean Straw / PSE) Re: Is predictable spam filtering a vulnerability? Jun 19 2004 02:56PM Kyle Wheeler (kyle-bugtraq memoryhole net) Re: Is predictable spam filtering a vulnerability? Jun 19 2004 12:49AM Jon Fiedler (jmf9 cwru edu) (1 replies) RE: Is predictable spam filtering a vulnerability? Jun 17 2004 08:26AM Hamlesh Motah (admin hamlesh com) Re: Is predictable spam filtering a vulnerability? Jun 17 2004 08:21AM Ilya Sher (ilya79 actcom net il) |
|
Privacy Statement |
> >In my opinion, any spam filter that silently drops e-mail is broken, and
> >is indeed a security risk. A spam filter MUST respond with a 500 SMTP
> >failure code if it rejects a message.
> This ignores client side spam filters,
Client-side spam filters that silently drop e-mail are broken. They
should generate a non-delivery notification.
Of course, that leads to all kinds of other nasty problems, so I've
concluded that client-side spam filters in general are broken, and the
only proper way to do it is on the server, and only by failing the
SMTP transaction.
> and doesn't really change the
> attack. The 500 message would be sent back to A, but not B, so B is
> still in the dark about C not receiving the emails.
No; B would get the failure message, because B is the envelope sender.
Regards,
David.
[ reply ]