> > I'm doing an experimental free MX backup service and > wondering if it will get exploited. I'm wondering if I'm > overlooking anything obvious? > Here's the info on it: > > http://www.free-mx-backup.com > > The idea is that it detects if we are the secondary and not > the primary MX and will store and deliver email for those > domains. I'm trying to think if I'm leaving myself open for > anything I'm going to regret. If you were a spammer how would > you take advantage of this? > >
perkel, there are several ways to attempt to exploit this. the most obvious to me is that you cannot check for a validrcptto without knowing all the valid email addresses and aliases etc that are available on the authorized mail exchangers and/or final destination mail server(s)... so, even it is does not appear to be spam, you may be accepting email for a non existant email address and eventually that will bounce, eh? need more? - rh
