On Wed, 16 Jun 2004, R Armiento wrote:This ignores client side spam filters, and doesn't really change the attack. The 500 message would be sent back to A, but not B, so B is still in the dark about C not receiving the emails.
However, 'C':s spam filter silently drops the email.
In my opinion, any spam filter that silently drops e-mail is broken, and is indeed a security risk. A spam filter MUST respond with a 500 SMTP failure code if it rejects a message.
Regards,
David.
jon
