Mark Brown <[EMAIL PROTECTED]> writes: >> Why cannot the C-R system issue the challenge during the SMTP session >> (respond with a reject containing the challenge)? With the latest >> Sobig flood I've begun to consider all list software sending back > > The part where SMTP is completely unauthenticated means that this > doesn't help - the SMTP envelope sender can be forged just as easily as > the From: inside the message.
*You* don't generate a bounce in this case. Others might do, but in the case of Sobig.F and a sizeable chunk of spamming operations, no bounces at all are sent.
