Marc Perkel wrote:
Generally a dictionary attach uses randon to addresses, not from addresses. Sender verification works on the from address.
And when your sender verification setup tries to verify a forged From: address against my server, it uses it as the To: address. Add a bunch of them together, and from my end, it looks exactly the same as a dictionary attack.
And if I didn't use sender verification it scould result in a bounce message to the address that I would have verified and the bounce message is a far words problem than sender verification.
Well, it being the twenty-first century, we have this nifty tool called SMTP Reject. You may have heard of it.
And even if you do insist on sending a bounce notice, if the address is invalid the bounce is going to get rejected with User unknown before DATA. And if the address is valid, you'll send me the bounce notice anyway, *after* verifying it.
-- Kelson Vibber SpeedGate Communications <www.speed.net>
