Re: Discovering users by RCPT TO
From: Baltasar Cevc (baltasar_at_cevc-topp.de)
Date: 01/16/05
- Previous message: Todd Towles: "RE: Creating a Custom Trojan after Social Engineering"
- In reply to: Bassett, Mark: "RE: Discovering users by RCPT TO"
- Next in thread: Tobias Glemser: "Re: Discovering users by RCPT TO"
- Reply: Tobias Glemser: "Re: Discovering users by RCPT TO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 16 Jan 2005 18:26:31 +0100 To: pen-test@securityfocus.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bassett, Mark wrote:
| A better way of doing an "authorized user list", is to accept mail for
| every address at your domain, but toss it into the bit bucket if it's
| not a valid recipient. The major difference being that you accept the
| message regardless, it just never gets delivered. Lots of anti-spam
| products provide this ability. Ciphertrust Ironmail, and Clearswift
| MimeSweeper are both anti-spam vendors that do this that I can think of
| offhand.
However, using that feature will have a rather nasty side effect of not
letting legitimate users know that their mail has not been delivered.
And at least here in Germany, knowingly not delivering mail is illegal;
although these mails cannot be delivered, I suppose you may be liable
to let the sender know (at least if it is a human ;-)
Baltasar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB6qPHp2YsmzTbIwYRAiDYAJ99CmbUzHwpr+gKeHocTY7h+hVMOwCfeMQL
m2gy8vWwTq8OXC4OR05ZAss=
=oBNA
-----END PGP SIGNATURE-----
- Previous message: Todd Towles: "RE: Creating a Custom Trojan after Social Engineering"
- In reply to: Bassett, Mark: "RE: Discovering users by RCPT TO"
- Next in thread: Tobias Glemser: "Re: Discovering users by RCPT TO"
- Reply: Tobias Glemser: "Re: Discovering users by RCPT TO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
