LDAP/MTA helping Spammers?

[Jan-Peter Koopmann]

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> I am not disagreeing that the benefit isn't there but from a
> security standpoint it is always better to give less
> information that more information. So either at the MTA or in
> MS wouldn't it be better to just silently delete? Not sending any
> "User unknown"? 

Good lord no. If a perfectly valid sender misspells the recipient noone will ever know! Moreover you have to distinguish between viruses/worms that are trying to brute-force stuff and spammers trying all kinds of addresses.

There is no medicine against viruses/worms brute-force attacks. You can teergrube them a bit but you will not stop them. Our statistics show however that at least some spam-networks seem to "recognize" that certain accounts do not work anymore and will delete those e-mails from their lists. A lot of our customers started of with thousands of delivery attempts to non-existing users and from the point we started sending back "550 user unknown" things got a _LOT_ better for them.

Of course you give hackers etc. a bit more insight since you tell them which addresses are valid and which ones are not. This is not a big risk though since security by obscurity never worked out. It aids but it is not sufficient anyways. And as I stated above, the risk of loosing valid mail due to silently deleting is not acceptable for most business users.

Kind regards,
  JP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!