On 2009-12-27 John Peach wrote: > On Mon, 28 Dec 2009 00:39:35 +0100 Ansgar Wiechers wrote: >> On 2009-12-27 John Peach wrote: >>> 502 5.5.1 VRFY command is disabled >>> >>> just tells you that VRFY has been disabled; not the validity of the >>> address. >> >> You're missing the point. When you find that VRFY is disabled, you'd >> simply use >> >> MAIL FROM:<a...@example.com> >> RCPT TO:<address_to_be_verif...@example.net> >> QUIT >> >> instead of VRFY. >> >> If the server doesn't produce backscatter (i.e. accepts first, bounces >> later), the result of the above sequence will tell you whether or not >> <address_to_be_verif...@example.net> is valid. > > I'm not missing the point - simply explaining why most sites disable > VRFY and that it is not the same as mail from:; rcpt to:
I didn't say it's the same. I said it produces the same (or "similar enough") results, and that for this reason disabling VRFY is rather pointless. Not that it'd matter anyway, since spammers will throw their crap at anything that looks even remotely like an e-mail address. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
