Joel Rees <joel.r...@gmail.com> writes: > If the isp responds with a code that says my user-id is valid, the > junk mailer knows he has a live address.
They have no way of knowing whether the address is still in use or not. > If the isp responds to the bad ones with an invalid user-id code, any > user-id that doesn't get that response is assumed live. There's your > privacy problem. I don't consider this a privacy problem. No personal information is given out. You're kinda giving information, though considering that there must be billions of unused email accounts which might still accept messages, the information is pretty much worthless. Besides, you may get rejects from my MTA for recipients which have an account which is in use. So what information are you actually getting? > If the isp accepts the message without acknowledging the existence of > the user id, and then later sends an undelivered message, that's still > revealing what user-ids in the random attack were valid, and it also > amplifies the attack -- backscatter. That's what you don't do, of course. So what's the problem? -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87zjcvvche....@yun.yagibdah.de
