- From: Dag-Erling Smørgrav <des@des.no>
- Date: Wed, 01 Jul 2009 16:55:17 +0200
- To: Etienne Miret <elimerl@gmail.com>
- Cc: W3C Validator Community <www-validator@w3.org>
Etienne Miret <elimerl@gmail.com> writes: > You misunderstood me. "This" refered to the action of opening a > connection to an MTA and using RCPT TO commands whithout sending any > mail in order to test wether some email adresses exists. > > "This" is defintely a Postfix feature, called "Address verification", > and documented at: > <http://www.postfix.org/ADDRESS_VERIFICATION_README.html> > > As I stated in my previous mail, I was aware that some MTAs wouldn't > allow this technique to work, but since Postfix developpers spent time > coding and documenting it, I guessed that there weren't so many domains > doing so. That's only a guess though. You got it all mixed up. SMTP has a VRFY command which is used to verify that an address is valid. It is usually disabled by default. RFC 821 also requires the receiving MTA to return an error immediately upon receipt of an RCPT command that references a nonexistent user. Many (if not most) MTAs don't return an error until after they've received the entire message. In both cases, the purpose is to make it harder for spammers to vet their lists. As a consequence, many spam bots will bypass the primary MX and go directly to the secondary MX. Assuming the secondary MX doesn't know which addresses are valid and which aren't (as is usually the case), they can spam dozens of addresses in a single SMTP transaction, instead of one at a time. The seconday MX will then try to forward the message to each recipient, and generate a non-delivery notification for each invalid address. The sender address is either forged or non-existent, so the NDNs will either end up in some unsuspecting user's inbox, or bounce and end up in the postmaster's inbox. The purpose of Postfix's address verification feature is to allow secondary MXes reject email addressed to nonexistent users just like the primary MX would, without actually contacting the primary MX. Postfix does this by keeping track of past delivery successes and failures. It does not control how the secondary MX reacts when it receives an RCPT command that references a nonexistent user; that's controlled by the smtpd_delay_reject configuration parameter, which is on by default. DES -- Dag-Erling Smørgrav - des@des.no
Received on Wednesday, 1 July 2009 14:55:53 UTC