Security Incidents mailing list archives

Re: email address probes


From: Kee Hinckley <nazgul () somewhere com>
Date: Wed, 5 Feb 2003 21:01:26 -0500

At 8:54 PM +0000 2/5/03, Andy Bastien wrote:
> which we don't want to block.  I suppose that we could accept the
> emails and dump them to /dev/null (or to some tarpit account so that
> we can inspect them) instead of replying with a "550 User unknown,"
> but I suspect that this could cause us more headaches in the future.
> Does anyone have any suggestions as to how we could handle this
> problem?

The only solution I know of is to tarpit the server based on number of bounces. The more it bounces, the more slowly you get around to handling responses from it. I don't know of any off-the-shelf solutions that do that, though. And furthermore, if you start doing it, they'll just start distributing the tests across different targets--so then you'll need a distributed tarpit database similar to the RBLs.
--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
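
The bounce-based tarpit described in the reply above, as an added example that is not part of the original post or any product it mentions: each sending host's reply is delayed longer the more "550 User unknown" rejections it has caused recently. The class and function names, thresholds and sample mailboxes are assumptions, and the state is local to one server, so it does not cover the distributed database the post says would eventually be needed.

```python
from collections import defaultdict, deque

VALID_USERS = {"alice", "bob"}  # constructed sample mailbox list


class BounceTarpit:
    """Per-client reply delay that grows with recent 'User unknown' rejections."""

    def __init__(self, free_bounces=3, base_delay=1.0, max_delay=60.0, window=3600.0):
        self.free_bounces = free_bounces  # rejections tolerated before any delay
        self.base_delay = base_delay      # seconds for the first penalised rejection
        self.max_delay = max_delay        # cap: slow the client, never hang forever
        self.window = window              # seconds a rejection counts against a client
        self._bounces = defaultdict(deque)  # client IP -> rejection timestamps

    def record_bounce(self, client, now):
        self._bounces[client].append(now)

    def _recent(self, client, now):
        # Drop rejections older than the window so a typo'd address from a
        # legitimate sender is forgiven, and forget clients with no history.
        q = self._bounces[client]
        while q and now - q[0] > self.window:
            q.popleft()
        if not q:
            del self._bounces[client]
        return len(q)

    def delay_for(self, client, now):
        excess = self._recent(client, now) - self.free_bounces
        if excess <= 0:
            return 0.0
        # Double the wait for every rejection past the free allowance.
        return min(self.max_delay, self.base_delay * 2 ** (excess - 1))


def handle_rcpt(tarpit, client, local_part, now):
    """Return (seconds to wait before replying, SMTP reply) for one RCPT TO."""
    if local_part in VALID_USERS:
        reply = "250 OK"
    else:
        tarpit.record_bounce(client, now)
        reply = "550 User unknown"
    return tarpit.delay_for(client, now), reply


if __name__ == "__main__":
    t = BounceTarpit()
    for i, guess in enumerate(["aaron", "abby", "adam", "al", "amy", "ann"]):
        print(guess, handle_rcpt(t, "192.0.2.10", guess, now=float(i)))
```

The caller is expected to sleep for the returned delay before sending the reply; passing `now` in explicitly keeps the logic testable without a real clock.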

