[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: recent spam to this list

Kris Deugau wrote:
> Julian Mehnle wrote:
> > Andreas Metzler wrote:
> > > If I send an e-mail over mail.nusrf.at with envelope-from
> > > ametzler@logic.univie.ac.at I am _not_ forging anything or making
> > > "unauthorized use of domains"
> > 
> > Yes, you are.  The envelope-from address is not a reply-to address,
> > it's a sender address.  If you are sending from mail.nusrf.at, you
> > are not sending from logic.univie.ac.at.  So you should not specify
> > <ametzler@logic.univie.ac.at> as the envelope-from address, or you'd
> > be forging it.
> OK, I think I've thought of a sort of a counter-example:
> --------
> [...]
> I'm sending "from" myfriendsdomain.com's server, but I don't have an
> account there.  I do, however, have an account myaccount@mydomain.com on
> my own server- to which I want all replies/bounces/etc to go to.
> -------- 

Why don't you use <myfriend@myfriendsdomain.com> as the envelope-from and <myaccount@mydomain.com> as the "From:" header field?  Replies will go to <myaccount@mydomain.com>, while bounces will go to <myfriend@myfriendsdomain.com>.  If your friend's server is configured correctly, it won't send out-of-band bounces (bounces as stand-alone messages, instead of a bounce reply code in the SMTP dialog) to foreign (non-local) servers anyway (to mitigate joe jobs on innocent bystanders whose address was used as some spam's envelope-from).

> I'm not sure this actually has any direct relevance to this dicussion
> (which I gather is about a DNS-ish way to restrict which machines can
> relay mail for any particular domain, according to the wishes of that
> domain owner), but I think it might be a useful example.

Sure, it is relevant.

Reply to: