It does not eliminate the possibility of a backscatter against an innocent third party address, but at least your server is not the one sending the bounce messages.Īpproach #3 eliminates the possibility of Backscatter. It reduces the possibility of your server getting blacklisted or DoSed. It also puts more load on your server and upload bandwidth, because it has to send the bounce message.Īpproach #2 is pretty much universally better than approach #1. In the case of a Backscatter attack, your server will look like the spammer (even though it is an innocent victim), and you will be the one who gets blacklisted. There is little reason to use approach #1 anymore. The sender will have no idea whether or not the message was received. The sender's SMTP server will be responsible for the generating the Undeliverable message.Īccept the message and silently delete it. There are actually 3 approaches for an invalid recipient:Īfter the recipient is determined to be invalid, send an Undeliverable message back to the sender.Ĭlose the SMTP connection while the message is still "in flight". I'm going to make this answer fairly generic because the terminology and configuration details will vary depending on your specific mail server/spam filter software. But I cannot come up with a situation in which silently dropping the mail is better than rejecting it during the SMTP transaction. In those cases it makes little difference if you reject the RCPT TO command or if you accept the mail and silently drop it. There may be cases where distribution of the email-address in the first place was so limited, that you know there couldn't be any legitimate mail send to the address. ![]()
0 Comments
Leave a Reply. |