> the next step is: one new transaction for each recipient. The best > technique would indeed be storing the attempts in a database and
> acting on that basis.
Most likely, but all i want is to protect the system from DoS attacks.
> I do not see why accept two unknown recipients, even one if one too
> many (except, as I said, in the case of <> sender), consider that you
> are not going to accept the email for that particular recipient
> anyway, so the fact that spammers can forge <> has not effect anyway.
Users mistype mail addresses sometimes, so it would cost me more
processes. I could probably live with that, but it also slows regular
mail down, because systems that send mails for the same host sequentially
would take longer to get their mail through. I hate it when mail takes
longer than at most some seconds. :)
Allowing two bad addresses rarely slows regular mail traffic down while
still protecting me from attacks so far. Things were fine until someone
discovered that RSET let them reset the counter. Well, not anymore.