by mark242 3608 days ago
Please don't continue to run this.

What you are doing is effectively recreating the VRFY command that nearly every major mail hosting service has removed for privacy and abuse reasons. You are opening yourself up to a huge liability, since spammers will quickly use stolen credit cards to crosscheck their lists against your API.

This will cause you to have processing issues from Stripe. This will cause you to have a huge backlash from hosting providers as you desperately try to make sure that your cached address is still valid. (Let's fire off 1000 calls to some random Postfix server, WCGW?) This will cause you to produce false results for domains that run catch-all addresses but don't advertise mailboxes. This will cause you to unwittingly become an effective tool in a spammer's repertoire.

Look, sticking a cache in front of the RCPT TO command is all well and good, but that functionality should be up to the owner of the mail server that you're bombarding, and not up to some third party. You are putting the onus of "hey, just contact us if you don't want us to hit your mail server" on every single mail server admin. This is not okay. SMTP servers aren't nearly as robust, and cannot handle a quickly-spiraling-out-of-control web service hitting them.
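From the mail-server operator's side, the pattern described above (one client walking a list of addresses with RCPT TO and collecting "user unknown" rejections) is visible in the Postfix smtpd log. The following is an added detection example, not code from the thread or from any service mentioned in it; the log lines are constructed samples that follow Postfix's standard "NOQUEUE: reject: RCPT from" format, and the threshold of five distinct unknown recipients per client is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sample of Postfix smtpd log lines (not taken from the thread).
# Client 203.0.113.5 probes six different non-existent mailboxes; client
# 198.51.100.7 mistypes a single address, which is what a real sender does.
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <a1@example.com>: Recipient address rejected: User unknown in local recipient table; from=<probe@example.net> to=<a1@example.com> proto=ESMTP helo=<probe.example.net>
Mar  3 10:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <a2@example.com>: Recipient address rejected: User unknown in local recipient table; from=<probe@example.net> to=<a2@example.com> proto=ESMTP helo=<probe.example.net>
Mar  3 10:00:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <a3@example.com>: Recipient address rejected: User unknown in local recipient table; from=<probe@example.net> to=<a3@example.com> proto=ESMTP helo=<probe.example.net>
Mar  3 10:00:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <a4@example.com>: Recipient address rejected: User unknown in local recipient table; from=<probe@example.net> to=<a4@example.com> proto=ESMTP helo=<probe.example.net>
Mar  3 10:00:03 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <a5@example.com>: Recipient address rejected: User unknown in local recipient table; from=<probe@example.net> to=<a5@example.com> proto=ESMTP helo=<probe.example.net>
Mar  3 10:00:03 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <a6@example.com>: Recipient address rejected: User unknown in local recipient table; from=<probe@example.net> to=<a6@example.com> proto=ESMTP helo=<probe.example.net>
Mar  3 10:00:09 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from mail.partner.example[198.51.100.7]: 550 5.1.1 <bbo@example.com>: Recipient address rejected: User unknown in local recipient table; from=<alice@partner.example> to=<bbo@example.com> proto=ESMTP helo=<mail.partner.example>
Mar  3 10:00:10 mx postfix/smtpd[2102]: 4F1A2C0012: client=mail.partner.example[198.51.100.7]
"""

# Matches Postfix's recipient-rejection line and captures the client IP and
# the recipient that was probed.
RCPT_REJECT = re.compile(
    r"RCPT from (?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 .*?"
    r"Recipient address rejected: User unknown.*?to=<(?P<rcpt>[^>]+)>"
)


def unknown_recipients_by_client(log_text):
    """Map each client IP to the set of distinct unknown recipients it tried."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = RCPT_REJECT.search(line)
        if m:
            probes[m.group("ip")].add(m.group("rcpt").lower())
    return probes


def flag_enumerators(log_text, threshold=5):
    """Return (ip, distinct_unknown_count) pairs, busiest first, for clients
    at or above the threshold (assumed value). Counting distinct recipients
    rather than raw rejections separates list-walking from a retried typo."""
    probes = unknown_recipients_by_client(log_text)
    hits = [(ip, len(r)) for ip, r in probes.items() if len(r) >= threshold]
    return sorted(hits, key=lambda t: -t[1])


if __name__ == "__main__":
    for ip, n in flag_enumerators(SAMPLE_LOG):
        print(f"{ip}: {n} distinct unknown recipients, likely address enumeration")
```

Flagged clients are candidates for a postscreen/firewall block or a rate limit in smtpd_client_recipient_rate_limit; the count is a signal to review, not a verdict on its own.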


"To avoid gaining a bad IP reputation, we make requests from a large number of servers, any of which will be turned off if our system detects its IP is temporarily graylisted by some larger email server.

In the unlikely event that all our servers are graylisted at the same time, the API might be down. Within a few minutes, our automated system will create new servers elsewhere."

I just threw up a bit in my mouth. I guess the weekend project is to spin up an automated abuse reporting service for requests made from Anymail's virtual machine farm. I'm sure AWS would be pleased to hear they're running command and control for a botnet.

Do not abuse the commons for profit.

The person doing this doesn't care about the ethics of this. He's got his passive income - he's going to take it and run.

The idea behind passive income is that it keeps coming.

Since this is going to get shut down for abuse, it's not exactly passive.

And yet, somehow, NeverBounce is a viable business.

Just echoed this in my own comment; as mark says, you will get false positives and high spam reports.