Full Disclosure mailing list archives
VeriSign's fake SMTP server for SiteFinder
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Mon, 22 Sep 2003 15:13:54 -0400
Hello, Does anyone know why Verisign has set up a fake SMTP server at their SiteFinder service to bounce email messages sent to misspelled or expired domain names? The fake SiteFinder SMTP server gives the impression that it is a real SMTP server and happily accepts "To" and "From" email addresses before rejecting a misdirected email message. I don't quite understand what technical issues Verisign is trying to solve here with a fake server. Any guesses? I've attached an early email from Verisign that gives a bit more information about how this fake SMTP server operates but not why it is needed. Richard M. Smith http://www.ComputerBytesMan.com ======================================== -----Original Message----- From: sitefinder () verisign-grs com [mailto:sitefinder () verisign-grs com] Sent: Saturday, September 20, 2003 4:03 PM To: Richard M. Smith Subject: Re: Verisign's SiteFinder also breaks Outlook (KMM988642V87763L0KM) Dear Richard, We wanted to pass along a recent update we made our email Bounce server: One piece of feedback we received multiple times after the addition of the wildcard A record to the .com/.net zones concerned snubby, our SMTP mail rejection server. This server was designed to be the most modest of SMTP implementations and supported only the most common sequence of SMTP commands. In response to this feedback, we have deployed an alternate SMTP implementation using Postfix that should address many of the concerns we've heard. Like snubby, this server rejects any mail sent to it (by returning 550 in response to any number of RCPT TO commands). We would like to state for the record that the only purpose of this server is to reject mail immediately to avoid its remaining in MTA queues throughout the Internet. We are specifically not retaining, nor do we have any intention to retain, any email addresses from these SMTP transactions. In fact, to achieve sufficient performance, all logging has been disabled. Refer to our General & Technical FAQs regarding other questions on the new Site Finder service. They are located at: http://www.verisign.com/nds/naming/sitefinder/ We remain committed to ensuring that Site Finder improves Web navigation and the user experience. Thank you. Best Regards, Customer Service VeriSign, Inc. www.verisign.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- VeriSign's fake SMTP server for SiteFinder Richard M. Smith (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Pamela Patterson (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Brent J. Nordquist (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Michal Zalewski (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Damian Gerow (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder fulldisclosure (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Dan Rowles (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Jonathan A. Zdziarski (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Joshua Levitsky (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Valdis . Kletnieks (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Jonathan A. Zdziarski (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Nate Hill (Sep 22)
(Thread continues...)