On Tue, 02 Dec 2003 14:37 UTC Suresh Ramasubramanian <suresh@outblaze.com> wrote: | Nobody except spammers / dictionary attackers seem to VRFY these days | for this sort of stuff. In fact grepping your logs for VRFY is often | a reliable sign of a dictionary attack on your machines. VRFY is an (unavoidable) part of the checking routine built into the popular "Sam Spade for Windows" client, for manual verification of any suspect addresses found to have sent suspicious mail. So just looking for VRFY can give you some, er, false positives there ;-) and, as has been said, most sites don't allow it for obvious reasons. What is perhaps surprising, is the number of sites that disallow VRFY but leave EXPN fully operational ... | Thank God for small mercies, I guess. Implementing DELAY_CHECKS (which is normal anyway these days) will of course make a complete mockery of the process Verizon have implemented. -- Richard Cox