Re: [Full-disclosure] What makes Yahoo! a good merger candidate?



On Wed, Feb 06, 2008 at 11:40:06AM -0600, Paul Schmehl wrote:

They're also the first mail server I've ever connected to that won't accept
user@xxxxxxxxxx and insists on <user@xxxxxxxxxx> instead. So, I'm not
surprised to find that they 250 everything you type in.

I guess RFCs are even more meaningless now than they always have been. :-(

Please review http://www.faqs.org/rfcs/rfc2821.html to fully understand a
modern SMTP transaction; I've included the appropriate excerpts for this
thread:


3.3 Mail Transactions
[...]
The first step in the procedure is the MAIL command.

MAIL FROM:<reverse-path> [SP <mail-parameters> ] <CRLF>

This command tells the SMTP-receiver that a new mail transaction is
starting and to reset all its state tables and buffers, including any
recipients or mail data. The <reverse-path> portion of the first or
only argument contains the source mailbox (between "<" and ">"
brackets), which can be used to report errors (see section 4.2 for a
discussion of error reporting).
[...]
However, in practice, some servers do not perform recipient
verification until after the message text is received. These servers
SHOULD treat a failure for one or more recipients as a "subsequent
failure" and return a mail message as discussed in section 6. Using
a "550 mailbox not found" (or equivalent) reply code after the data
are accepted makes it difficult or impossible for the client to
determine which recipients failed.


Tell us again how Yahoo is not adhering to the RFCs. While quoting RFCs to
this list is fairly lo-tech, people really should check facts before making
a blatantly foolish statement about one of the largest email providers in
the world. Strict adherence to RFC is the first and simplest step in
fighting spam.

Who knew.

Indeed.

--
Paul Schmehl (pauls@xxxxxxxxxxxx)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/


Chris 'Chip' Chiapusio

--
------
**** Warning ****
This e-mail message, without warrant or warning, and despite US law as set
forth in the Foreign Intelligence Surveillance Act of 1978, may be subject
to monitoring by the United States National Security Agency and/or the
Department of Defense. Information contained in this message may be used
against any senders or recipients, now or in the future, in a public trial
or secret tribunal.
Please encrypt anything important.
PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
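
The MAIL FROM syntax quoted from RFC 2821 section 3.3 in the message above, written as a strict receiver-side check. This is an added example, not part of the original post or any mail server's code; the mailbox pattern is a simplification of the RFC grammar, the function name is hypothetical, and the sample lines are constructed.

```python
import re

# Simplified mailbox (local-part "@" domain). The full RFC 2821 grammar also
# allows quoted strings, address literals and source routes; omitted here.
_MAILBOX = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*"
# Optional ESMTP parameters after the path: SP keyword[=value], e.g. SIZE=1024.
_PARAMS = r"(?: [A-Za-z0-9][A-Za-z0-9-]*(?:=[^ =\x00-\x1f]+)?)*"
_MAIL_RE = re.compile(
    r"MAIL FROM:<(?P<path>(?:" + _MAILBOX + r")?)>" + _PARAMS + r"\Z",
    re.IGNORECASE,  # command verbs are case-insensitive
)


def check_mail_command(line):
    """Return (reply_code, reverse_path) for one MAIL command line.

    250 with the reverse-path when the line matches
    MAIL FROM:<reverse-path> [SP <mail-parameters>] <CRLF>;
    501 (syntax error in parameters or arguments) otherwise.
    The null reverse-path "<>" used for bounces yields an empty string.
    """
    if not line.endswith("\r\n"):
        return 501, None          # command lines are terminated by CRLF
    match = _MAIL_RE.match(line[:-2])
    if match is None:
        return 501, None          # includes the bare user@domain form
    return 250, match.group("path")


# Constructed sample lines, not captured traffic.
SAMPLES = [
    "MAIL FROM:<user@example.org>\r\n",            # bracketed: accepted
    "MAIL FROM:user@example.org\r\n",              # bare address: rejected
    "MAIL FROM:<>\r\n",                            # null reverse-path
    "mail from:<user@example.org> SIZE=1024\r\n",  # lower case plus parameter
    "MAIL FROM: <user@example.org>\r\n",           # space after the colon
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_mail_command(sample))
```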


