[Dshield] PDF Spam Wave
Tom
dshield at oitc.com
Thu Aug 9 16:59:24 GMT 2007
At 11:59 AM -0400 8/9/07, Valdis.Kletnieks at vt.edu wrote:
>Content-Type: multipart/signed; boundary="==_Exmh_1186675196_3128P";
> micalg=pgp-sha1; protocol="application/pgp-signature"
>Content-Transfer-Encoding: 7bit
>
>On Thu, 09 Aug 2007 11:27:10 EDT, Tom said:
>
>> I beg to slightly differ. If you know you want to reject, send a
>> 5xx. To many servers are sending 4xx when they really mean 5xx. 4xx
>> just causes a valid mailserver to continue to retry thus delaying the
>> proper handling of mail that was truly rejected by the recipient.
>
>Actually, sending a 4xx back rather than accepting *can* make sense, if
>the bounce you'd have send back was a "mail delayed" bounce (because your
>LDAP server hiccuped, etc). And yes, I *do* see a fair amount of "Unable
>to send mail for XX hours" blowback.
>
>Also, 4xx replies are heavily used by greylisting schemes.
True, 4xx has its place but as I said we have seen many (AOL comes to
mind) where the server knows its spam (we notice this for example on
an account forwarded to AOL where the text on the 4xx indicates that
the content was rejected) but still returns 4xx causing our server to
retry for days before giving up. This is not what 4xx was designed
for and just delays anyone/anything doing anything about the
problematic mail. I have no idea why one would configure their
servers for this non standard behavior.
Tom
More information about the list
mailing list