Dictionary attacks. Insidious? Maybe...
Stewart Yaxley (Stoomaroo) wants to know whether using the feature "Verify that local domain recipients exist in the Domino Directory:" in Domino 6.x causes any trouble by enabling dictionary attacks.

This question came up in a thread in the Notes/Domino 4 and 5 Forum a while ago. I advised the poster of this new feature of ND6 to reject at source email for non-existent local recipients, but also warned of the possibility of dictionary attacks.

So the answer is yes, it can cause issues but...

  • The incident documented in my last post in that thread is the only one I have ever seen
  • None of the harvested addresses was the primary email id of any user, but all were alternatives based on first or last name only @mydomain
  • So we added all of these harvested addresses as aliases to our spamtraps but actually they very rarely get hit - so these addresses have not found their way onto too many millions CDs
  • The keen observer will note that the attack came from a dialup/dynamic IP - it is possible that our policy of aggressively blocking SMTP connections from dynamic IPs has defeated further attempts at dictionary attacks

So on balance, do these things happen? Yes. Do I worry about them? No. I think the usefulness of "Verify that local domain recipients exist in the Domino Directory:" far outweighs the risk - at least here. Note well what I wrote about the use of our domain as the domain part of the "from" address of a spam run by a spammer last month. Several thousand "bounces" were kept out of mail.box here by this simple precaution...
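An added example, not part of the original post and not Domino's own tooling: detecting the dictionary-attack pattern described above from per-recipient SMTP results. The log format, IPs, addresses and the `min_rejected` threshold are constructed assumptions; addresses that a flagged source saw accepted are the harvested ones, and so candidates for spamtrap aliases.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not Domino's own log layout):
#   <timestamp> src=<ip> rcpt=<address> result=<SMTP reply code>
LINE_RE = re.compile(r"^(\S+) src=(\S+) rcpt=<([^>]+)> result=(\d{3})$")

def find_dictionary_attacks(lines, min_rejected=5):
    """Return {source_ip: {"rejected": n, "confirmed": [addresses]}} for
    sources that probed at least min_rejected distinct unknown recipients."""
    rejected = defaultdict(set)   # ip -> distinct recipients refused (550)
    confirmed = defaultdict(set)  # ip -> distinct recipients accepted (250)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a RCPT result line
        _, ip, rcpt, code = m.groups()
        if code == "550":
            rejected[ip].add(rcpt.lower())
        elif code == "250":
            confirmed[ip].add(rcpt.lower())
    report = {}
    for ip, unknown in rejected.items():
        if len(unknown) >= min_rejected:
            # Accepted addresses were revealed to the prober: treat as harvested.
            report[ip] = {"rejected": len(unknown),
                          "confirmed": sorted(confirmed[ip])}
    return report

# Constructed sample: one source guessing first/last names, one normal sender.
PROBED = ["adam", "alice", "bob", "carol", "dave", "eve", "jones", "smith"]
VALID = {"alice", "smith"}  # constructed aliases that happen to exist
SAMPLE_LOG = [
    f"2005-01-10T03:14:{i:02d} src=203.0.113.45 rcpt=<{name}@example.com> "
    f"result={'250' if name in VALID else '550'}"
    for i, name in enumerate(PROBED)
] + [
    "2005-01-10T09:00:01 src=198.51.100.7 rcpt=<sales@example.com> result=250",
    "2005-01-10T09:00:02 src=198.51.100.7 rcpt=<slaes@example.com> result=550",
]

if __name__ == "__main__":
    for ip, info in find_dictionary_attacks(SAMPLE_LOG).items():
        print(ip, info["rejected"], "unknown;", "harvested:", info["confirmed"])
```

The single mistyped address from the ordinary sender stays below the threshold, so only the probing source is reported.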

Category: Spammer tactics

Comments :

1. Stephen Jepson 12/01/2005 17:06:41


I have noticed that since turning this option on in Notes, one of my Notes users and ex admin gets a copy of all the messages 'rejected for policy reasons' by my server.

Anyone else noticed this?

Steve




2. Chris Linfoot 12/01/2005 17:12:02


Is that all the messages bounced or just some? The only way I can see this happening is if some outside party sends email to a non-existent address in your domain and spoofs the sender as "one of your Notes users and ex admin". The inbound message would be rejected and could cause a non-delivery report to go to the spoofed sender.

Actually, this is quite likely to happen if the offending messages are viruses.



