Spammer spoofing
Tom Anderson
tanderso at oac-design.com
Wed Feb 9 21:54:52 CET 2005
----- Original Message -----
From: "Jonathan Buzzard" <jonathan at buzzard.me.uk>
> In the first instance any decent email program should warn the user before
> this happens. In the second instance they deserve a bounce saying it has
> been rejected due to lack of a subject line.
By all means, if you have the authority to make such a decision for your
users even though there is no RFC or other standard which requires a subject
line. I would never presume to reject my clients' corporate email based on
such an arbitrary rule. If the lack of a subject line were combined with
other attributes, such as the bogosity, to make such a decision, then it
would be more defensible. Moreover, the bounce doesn't tell the sender that
it was rejected due to the lack of a subject line, it tells them that the
user doesn't exist. I would hate to face the lawsuit in which I was charged
with the damages of costing one of my clients an important contract because
the customer thought they didn't exist anymore. Flat-out rejecting of any
email is not something to be taken lightly, and if it is decided to do so,
at least a descriptive response should be supplied... eg: This server
doesn't accept blank subject lines... please resend your email with an
appropriate subject line. A spammer would never read the bounce anyway, but
at least legitimate senders -- and your users -- will know what's going on.
Tom
More information about the Bogofilter
mailing list