Bugtraq: Re: Is predictable spam filtering a vulnerability?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Is predictable spam filtering a vulnerability?

From: Jon Fiedler <jmf9 () cwru edu>
Date: Fri, 18 Jun 2004 19:49:29 -0500

David F. Skoll wrote:

On Wed, 16 Jun 2004, R Armiento wrote:

However, 'C':s spam filter silently drops the email.


In my opinion, any spam filter that silently drops e-mail is broken, and
is indeed a security risk.  A spam filter MUST respond with a 500 SMTP
failure code if it rejects a message.

Regards,

David.

This ignores client side spam filters, and doesn't really change theattack. The 500 message would be sent back to A, but not B, so B isstill in the dark about C not receiving the emails.

jon

By Date By Thread

Current thread:

Re: Is predictable spam filtering a vulnerability?, (continued)
- RE: Is predictable spam filtering a vulnerability? Aaron Cake (Jun 18)
  - Re: Is predictable spam filtering a vulnerability? Chris Brown (Jun 21)
- RE: Is predictable spam filtering a vulnerability? Hamlesh Motah (Jun 18)
- Re: Is predictable spam filtering a vulnerability? David F. Skoll (Jun 18)
  - Re: Is predictable spam filtering a vulnerability? Jon Fiedler (Jun 19)
    - Re: Is predictable spam filtering a vulnerability? David F. Skoll (Jun 19)
  - Re: Is predictable spam filtering a vulnerability? Kyle Wheeler (Jun 21)
  - Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Martin Mačok (Jun 22)
    - Re: Is predictable spam filtering a vulnerability? (silently dropping messages) David F. Skoll (Jun 23)
    - Re: Is predictable spam filtering a vulnerability? (silently dropping messages) der Mouse (Jun 24)