> -----Messaggio originale-----
> Da: Matus UHLAR - fantomas [mailto:uhlar@fantomas.sk]
>
> ...omissis...
>
> I am really curious how do they behave when there's forged sender and
> both
> MTA's use this. Either they will cycle forever (so they will never know
> if
> either address is OK), or they will stop checking (so the spam will
> pass
> because spammer forged domain with SAV implemented) or the mail (even
> legitimate!) just will not pass...
>
> Once I'll try this on two or more such systems (in parallel!) and see
> if
> they will DoS each other...


No, Matus: they don't cycle.

An MTA willing to check the existence of a sender address would do this
before its reply after end of DATA (i.e.: after having received the
message). Instead, an MTA would inform its peer of a non-existent mailbox
after RCPT-TO (with a 5XX error code), which is well before DATA.

The checking system need not proceed to DATA in order to check the existence
of a mailbox, so there is no cycle...


>
> > Also, SAV's drawbacks may probably be mitigated by caching the

> results.
>
> I don't think so. The problem with first connection will still defeat
> the
> whole system... at SA level it may be much worse because your computer
> will
> spend much more CPU cycles when checking it.


.... and no DoS. Caching would help, instead, when a large number of messages
with the very same sender are received. This is a quite common pattern in
spam.

Giampaolo

>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Windows 2000: 640 MB ought to be enough for anybody