Reply to Re: [PHP] Re: email validation (no regex)

Your name:

Reply:


Posted by J B on 09/29/19 11:27

On 9/21/05, Michael Sims <michaels@crye-leike.com> wrote:
> Additionally, some mail servers unconditionally accept mail addressed to ANY
> username at their domain, whether that user actually exists or not. This is very
> bad practice, because it usually means the accepting MTA is a "dumb" host that has
> to forward all incoming mail to an internal mail server which knows which accounts
> exist, and if that server ends up rejecting the message, the "dumb" MTA creates a
> DSN and sends it back to the envelope sender (which is quite often forged). This
> causes the so-called "backscatter" which results in innocent people getting bounces
> for messages they didn't send. Nevertheless, lots of mail servers are configured
> this way, so you cannot simply assume that an account is real just because you
> didn't get a 5xx on RCPT TO.

Just as a side note, and I do agree that this behaviour is bad
practice in principle, but I imagine they (the MTAs) do this for the
same reason that login prompts don't tell you when you enter a bogus
username and still prompt for the password and give a generic "access
denied" error...it prevents username fishing.
Of course, I would think that a better solution would be to do
immediate rejection and then block the remote IP after X send attempts
with invalid usernames, but maybe there's a compelling reason not to
do that and I just haven't thought of it...

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация