On Sat, Jul 30, 2011 at 10:12 AM, <Valdis.Kletnieks@vt.edu> wrote:
> Hint: If somebody forges a subscription request from 'nosuchuser@herrin.us', do you want the resulting "Somebody has requested this email address to be added to the foobar-l list, please click or reply within 48 hours to confirm" mail to show up with a <> so you can skip generating the bounce, or do you want it to have a non-null return path so you're forced to generate a bounce that will be ignored at the other end anyhow? Does your answer change if some skript kiddie forges 10,000 requests?

1. nosuchuser@herrin.us rejects during the smtp session, so it makes no difference to my server resource consumption either way.

2. I assume the subscription request came from a web page because if it was from an email request you received then you ignored my SPF records when generating the confirmation request. That was OK in 2001 but in 2011 you ought not be doing that.

3. If you happen to hit my real email address and it isn't caught by my spam filter, then all 10,000 show up in my mailbox whether you used a null return path or not. This will annoy me and when I examine the message and notice that you engaged in fire and forget behavior so that you wouldn't be bothered by the fact that you flooded my mailbox, all bets are off.

So, if you want to do me a favor (as opposed to doing yourself a favor), process the messages I bounce at you and like a responsible person, try to do something intelligent with the results.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
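
The bounce handling asked for in the message above, as an added example that is not part of the original thread: a list manager that sends confirmations with a non-null return path, reads the delivery status notifications that come back, and stops mailing addresses that hard-bounce or already have a confirmation pending. `ConfirmationGate`, `hard_bounced` and the example.org/example.net names are hypothetical, and the sample bounce is constructed.

```python
import email

# Constructed sample bounce in RFC 3464 delivery-status format
# (the human-readable part of the report is omitted for brevity).
SAMPLE_DSN = """\
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nosuchuser@example.org
Action: failed
Status: 5.1.1

--b1--
"""

def hard_bounced(raw_dsn):
    """Addresses the DSN reports as permanently failed (Status 5.x.x)."""
    failed = set()
    for part in email.message_from_string(raw_dsn).walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        for block in part.get_payload():  # one Message per header block
            rcpt = block.get("Final-Recipient", "").split(";", 1)[-1]
            if rcpt and block.get("Status", "").strip().startswith("5."):
                failed.add(rcpt.strip().lower())
    return failed

class ConfirmationGate:
    """Hypothetical list-manager helper: decides whether to mail a confirmation."""
    def __init__(self):
        self.pending, self.suppressed = set(), set()

    def should_send(self, address):
        address = address.strip().lower()
        if address in self.suppressed or address in self.pending:
            return False  # repeat request or known-dead address: send nothing
        self.pending.add(address)
        return True

    def record_bounce(self, raw_dsn):
        failed = hard_bounced(raw_dsn)
        self.suppressed |= failed  # never mail these again
        self.pending -= failed
        return failed
```

With this gate, 10,000 forged requests for one address produce a single confirmation message, and a hard bounce for it suppresses any further mail to that address.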