On Fri, Mar 27, 2009 at 3:46 PM, John Brooks <j...@day-light.com> wrote:
> I've just received this response from a large corporate email
> system regarding their claim that emails sent to them are not
> getting through even though our logs contain acknowledgements
> of accepting the mail sent.
>
> In our mail logs:
> ... status=sent (250 Message accepted for delivery)
>
>
> Their response:
> ... "my understanding of the <firmname removed> security policy
> is not to acknowledge mistakes in email addresses as a best
> practice defense against phishing and other types of email
> delivered attacks."
>
> Anybody run into this kind of logic before?
>
>
> --
> John Brooks
> j...@day-light.com


Idiocy. If a spammer/phisher even bothers looking at the return code,
he'll only be looking for 5xx to remove broken accounts from his list.
The use of botnets for spamming makes the cost of a few thousand false
entries in this list negligible. The presence of bad addresses does not
eliminate the presence of correct addresses.

Why sacrifice usability for no additional security?

-HKS
