On Tue, Aug 26, 2008 at 12:26 PM, Marc Perkel <[EMAIL PROTECTED]> wrote: > > > Ken A wrote: >> >> Ralf Hildebrandt wrote: >>> >>> * Ken A <[EMAIL PROTECTED]>: >>> >>>>> How? He tempfails all mails. >>>> >>>> Are you asking how sending your customer, or company email off someplace >>>> you don't control might be a security risk? >>> >>> It's in no way more dangerous than using Postini... >>> >> >> Have you compared Postini's contract to the one you get from Marc? >> >> Ummm.. just in case you have no luck finding that, what about a Privacy >> policy? >> >> See the link at bottom of >> http://wiki.junkemailfilter.com/index.php/Project_tarbaby >> for the Privacy Policy. It's currently a blank page. That doesn't give me >> a secure feeling.. >> >> Ken >> > > Well, I'm definitely a privacy advocate as a former EFF employee but > considering that we never receive and of the email (451 response before data > is sent) there's no information to disclose. We aren't receiving the body of > the email. Generally all we see is spam bot attempts and harvest those IPs > for the blacklist which has now grown to 2 million.
You continue to miss the point, or maybe you just don't want to understand it. Sending my client's email to your servers is irresponsible at best and possibly even a violation of contract or illegal. It does not matter that you claim to always give a temp fail. It does not matter that you are a Real Nice Guy. What if your servers become compromised? What if your DNS is hijacked? What if your software giving the temp fail doesn't work properly? What if a broken MTA sends the message even after you temp fail? What if you turn into a Real Bad Guy? There is also the issue that even if you do temp fail, even the knowledge of which servers are trying to connect to my client's domains may not be something they want you to gather. As many have stated: if you are truly interested in this, get a client together, preferably open source, that sends only the neccesary data to your site. -Aaron
