Full Disclosure mailing list archives
Re: What makes Yahoo! a good merger candidate?
From: Chris 'Chipper' Chiapusio <chipper () llamas net>
Date: Thu, 7 Feb 2008 10:31:25 -0500
On Wed, Feb 06, 2008 at 11:40:06AM -0600, Paul Schmehl wrote:
They're also the first mail server I've ever connected to that won't accept user () domain tld and insists on <user () domain tld> instead. So, I'm not surprised to find that they 250 everything you type in. I guess RFCs are even more meaningless now than they always have been. :-(
Please review http://www.faqs.org/rfcs/rfc2821.html to fully understand a modern SMTP transation, I've included the appropriate excerpts for this thread: 3.3 Mail Transactions [...] The first step in the procedure is the MAIL command. MAIL FROM:<reverse-path> [SP <mail-parameters> ] <CRLF> This command tells the SMTP-receiver that a new mail transaction is starting and to reset all its state tables and buffers, including any recipients or mail data. The <reverse-path> portion of the first or only argument contains the source mailbox (between "<" and ">" brackets), which can be used to report errors (see section 4.2 for a discussion of error reporting). [...] However, in practice, some servers do not perform recipient verification until after the message text is received. These servers SHOULD treat a failure for one or more recipients as a "subsequent failure" and return a mail message as discussed in section 6. Using a "550 mailbox not found" (or equivalent) reply code after the data are accepted makes it difficult or impossible for the client to determine which recipients failed. Tell us again how Yahoo is not adhering to the RFCs. While quoting RFC's to this list is fairly lo-tech, people really should check fact before making a blatanly foolish statement about one of the largest email providers in the world. Strict adherence to RFC is the first and simplest step in fighting spam.
Who knew.
Indeed.
-- Paul Schmehl (pauls () utdallas edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Chris 'Chip' Chiapusio -- ------ **** Warning **** This e-mail message, without warrant or warning, and despite US law as set forth in the Foreign Intelligence Surveillance Act of 1978, may be subject to monitoring by the United States National Security Agency and/or the Department of Defense. Information contained in this message may be used against any senders or recipients, now or in the future, in a public trial or secret tribunal. Please encrypt anything important. PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: What makes Yahoo! a good merger candidate?, (continued)
- Re: What makes Yahoo! a good merger candidate? Ferdinand Klinzer (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Paul Schmehl (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Valdis . Kletnieks (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Harry Hoffman (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Paul Schmehl (Feb 06)
- Re: What makes Yahoo! a good merger candidate? worried security (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Harry Hoffman (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Tonnerre Lombard (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Christian Kujau (Feb 07)
- Re: What makes Yahoo! a good merger candidate? Paul Schmehl (Feb 07)
- Re: What makes Yahoo! a good merger candidate? Valdis . Kletnieks (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Chris 'Chipper' Chiapusio (Feb 07)
- Re: What makes Yahoo! a good merger candidate? Valdis . Kletnieks (Feb 07)