RE: recent spam to this list
Kris Deugau wrote:
> Julian Mehnle wrote:
> > Andreas Metzler wrote:
> > > If I send an e-mail over mail.nusrf.at with envelope-from
> > > firstname.lastname@example.org I am _not_ forging anything or making
> > > "unauthorized use of domains"
> > Yes, you are. The envelope-from address is not a reply-to address,
> > it's a sender address. If you are sending from mail.nusrf.at, you
> > are not sending from logic.univie.ac.at. So you should not specify
> > <email@example.com> as the envelope-from address, or you'd
> > be forging it.
> OK, I think I've thought of a sort of a counter-example:
> I'm sending "from" myfriendsdomain.com's server, but I don't have an
> account there. I do, however, have an account firstname.lastname@example.org on
> my own server- to which I want all replies/bounces/etc to go to.
Why don't you use <email@example.com> as the envelope-from and <firstname.lastname@example.org> as the "From:" header field? Replies will go to <email@example.com>, while bounces will go to <firstname.lastname@example.org>. If your friend's server is configured correctly, it won't send out-of-band bounces (bounces as stand-alone messages, instead of a bounce reply code in the SMTP dialog) to foreign (non-local) servers anyway (to mitigate joe jobs on innocent bystanders whose address was used as some spam's envelope-from).
> I'm not sure this actually has any direct relevance to this dicussion
> (which I gather is about a DNS-ish way to restrict which machines can
> relay mail for any particular domain, according to the wishes of that
> domain owner), but I think it might be a useful example.
Sure, it is relevant.