Re: More then 2800 spams from the list...

On Tue 20 Mar 2018 at 08:28:20 (-0400), Greg Wooledge wrote:
> P.S. someone said that bounces are generated using the Reply-To: header.
> This is incorrect (or at least, would be a violation of the protocols).
> Bounces are sent to the envelope sender address (the one given by the
> sender during the SMTP session), without looking at the message itself.
> Of course, the envelope sender is just as easy to forge as the
> Reply-To: header is.  The sender only needs to lie about who it is.
> The receiver has no way to verify the address, other than "yeah, that
> domain exists in DNS".

But if that IP address sends loads of undeliverable mail,
why not just block it? I was under the impression that
that's what IP address blacklisting was all about.

> That's how backscatter (a.k.a. "joe-jobbing") works.  The spammer
> sends mail to an invalid address and lies about the envelope sender
> address.  The receiver generates a bounce to the forged envelope
> sender address.  Voila, spam sent -- by the poor schmuck in the middle
> who was just trying to follow the SMTP protocol properly.  The only
> one who can identify the actual sender is the one who generated the
> bounce, and the only identifying information that system has is the
> IP address from which the message was sent.  Everything else (envelope
> sender, message headers, message body) is fabricated.
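
Added example, not part of either poster's message: a Python sketch of the point made in the quoted text, that a bounce is addressed from the SMTP envelope (`MAIL FROM`) and never from `Reply-To:`, and that the peer IP is the only identifier the receiver observes for itself. The session record, its field names and all addresses are constructed for illustration (reserved example domains and a documentation IP range).

```python
import re
from email import message_from_string

MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

# Constructed sample of what a receiving MTA could record for one session.
SESSION = {
    "peer_ip": "192.0.2.55",  # taken from the TCP connection
    "commands": [
        "EHLO mail.example.net",
        "MAIL FROM:<victim@example.org>",
        "RCPT TO:<no-such-user@example.com>",
    ],
    "data": (
        "From: Somebody <somebody@example.net>\n"
        "Reply-To: elsewhere@example.edu\n"
        "Subject: constructed sample\n"
        "\n"
        "body\n"
    ),
}

def envelope_sender(commands):
    """Reverse-path given in MAIL FROM ('' for the null sender <>), None if absent."""
    for line in commands:
        m = MAIL_FROM.match(line.strip())
        if m:
            return m.group(1)
    return None

def bounce_target(session):
    """Address a bounce would be sent to; None when no bounce should be sent."""
    # Only the envelope is consulted. A null reverse-path marks a message
    # that is itself a bounce, so nothing is generated for it.
    return envelope_sender(session["commands"]) or None

def provenance(session):
    """Label each identifier as observed by the receiver or claimed by the client."""
    msg = message_from_string(session["data"])
    return {
        "peer_ip": ("observed", session["peer_ip"]),
        "envelope_sender": ("claimed", envelope_sender(session["commands"])),
        "header_from": ("claimed", msg["From"]),
        "header_reply_to": ("claimed", msg["Reply-To"]),
    }

if __name__ == "__main__":
    print("bounce goes to:", bounce_target(SESSION))
    for field, (trust, value) in provenance(SESSION).items():
        print(f"{field:16} {trust:8} {value}")
```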


