|
Subject: |
Re: Turning off EXPN (and VRFY) for Majordomo securityconcern |
|
From: |
Brad Knowles <brad @
his .
com> |
|
Date: |
Thu, 24 Oct 1996 01:41:24 -0400 |
|
To: |
Kjetil Torgrim Homme <kjetilho @
ifi .
uio .
no>, list-managers @
GreatCircle .
COM |
|
In-reply-to: |
<199609302023.12762.mne.ifi.uio.no@ifi.uio.no> |
|
References: |
<199609301910.OAA13118@garcon.unicom.com> (message fromChip Rosenthal on Mon, 30 Sep 1996 14:10:00 -0500 (CDT)) |
At 4:23 PM -0400 9/30/1996, Kjetil Torgrim Homme wrote:
>Yeah, and AOL has even turned off verification of RCPT-TO. It really
>sucks, because it means I get a separate error report from AOL. Most
>other sites report the error at once, and my local sendmail can then
>give me one short, precise (well, sort of) report per message sent to
>my mailing list.
We have seven million users. They don't have accounts on the
gateways, so even if VRFY was allowed, it wouldn't do any good -- the
addresses would show as "valid" recipients because it is deliverable
through the gateway, not because the account really exists.
So, we intentionally turn off EXPN and VRFY, since they would not
return information to you that would be useful anyway.
--
Brad Knowles, MIME/PGP: brad@his.com
comp.mail.sendmail FAQ Maintainer <http://www.his.com/~brad/>
finger brad@his.com for my PGP Public Keys and Geek Code
The comp.mail.sendmail FAQ is at <http://www.his.com/~brad/sendmail/>
|
|
