Full Disclosure mailing list archives

VeriSign's fake SMTP server for SiteFinder

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Mon, 22 Sep 2003 15:13:54 -0400

Hello,

Does anyone know why Verisign has set up a fake SMTP server at their
SiteFinder service to bounce email messages sent to misspelled or
expired domain names?  The fake SiteFinder SMTP server gives the
impression that it is a real SMTP server and happily accepts "To" and
"From" email addresses before rejecting a misdirected email message.  

I don't quite understand what technical issues Verisign is trying to
solve here with a fake server.  Any guesses?

I've attached an early email from Verisign that gives a bit more
information about how this fake SMTP server operates but not why it is
needed.

Richard M. Smith
http://www.ComputerBytesMan.com

========================================

-----Original Message-----
From: sitefinder () verisign-grs com [mailto:sitefinder () verisign-grs com] 
Sent: Saturday, September 20, 2003 4:03 PM
To: Richard M. Smith
Subject: Re: Verisign's SiteFinder also breaks Outlook
(KMM988642V87763L0KM)

Dear Richard,

We wanted to pass along a recent update we made our email Bounce server:

One piece of feedback we received multiple times after the addition of
the wildcard A record to the .com/.net zones concerned snubby, our
SMTP mail rejection server.  This server was designed to be the most
modest of SMTP implementations and supported only the most common
sequence of SMTP commands.

In response to this feedback, we have deployed an alternate SMTP
implementation using Postfix that should address many of the concerns
we've heard.  Like snubby, this server rejects any mail sent to it (by
returning 550 in response to any number of RCPT TO commands).

We would like to state for the record that the only purpose of this
server is to reject mail immediately to avoid its remaining in MTA
queues throughout the Internet.  We are specifically not retaining,
nor do we have any intention to retain, any email addresses from these
SMTP transactions.  In fact, to achieve sufficient performance, all
logging has been disabled.

Refer to our General & Technical FAQs regarding other questions on the 
new Site Finder service. They are located at:

http://www.verisign.com/nds/naming/sitefinder/

We remain committed to ensuring that Site Finder improves Web navigation
and the user experience.

Thank you.

Best Regards,

Customer Service
VeriSign, Inc.
www.verisign.com




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

VeriSign's fake SMTP server for SiteFinder Richard M. Smith (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Pamela Patterson (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Brent J. Nordquist (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Michal Zalewski (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Damian Gerow (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder fulldisclosure (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Dan Rowles (Sep 22)
  - Re: VeriSign's fake SMTP server for SiteFinder Jonathan A. Zdziarski (Sep 22)
    - Re: VeriSign's fake SMTP server for SiteFinder Joshua Levitsky (Sep 22)
  - Re: VeriSign's fake SMTP server for SiteFinder Valdis . Kletnieks (Sep 22)
- Re: VeriSign's fake SMTP server for SiteFinder Nate Hill (Sep 22)

(Thread continues...)