On Tue 20 Mar 2018 at 08:28:20 (-0400), Greg Wooledge wrote:
> P.S. someone said that bounces are generated using the Reply-To: header.
> This is incorrect (or at least, would be a violation of the protocols).
> Bounces are sent to the envelope sender address (the one given by the
> sender during the SMTP session), without looking at the message itself.
>
> Of course, the envelope sender is just as easy to forge as the
> Reply-To: header is. The sender only needs to lie about who it is.
> The receiver has no way to verify the address, other than "yeah, that
> domain exists in DNS".

But if that IP address sends loads of undeliverable mail, why not just
block it? I was under the impression that that's what IP address
blacklisting was all about.

> That's how backscatter (a.k.a. "joe-jobbing") works. The spammer
> sends mail to an invalid address and lies about the envelope sender
> address. The receiver generates a bounce to the forged envelope
> sender address. Voila, spam sent -- by the poor schmuck in the middle
> who was just trying to follow the SMTP protocol properly. The only
> one who can identify the actual sender is the one who generated the
> bounce, and the only identifying information that system has is the
> IP address from which the message was sent. Everything else (envelope
> sender, message headers, message body) is fabricated.

Cheers,
David.
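The two points made in the thread, that a bounce is addressed to the envelope sender from the SMTP session rather than to any header inside the message, and that accepting mail for an unknown recipient and bouncing it later is exactly what produces backscatter, are illustrated by the following Python model. It is an added example written for this page, not code from anyone on the list; the SMTP transcript, the addresses and the list of valid mailboxes are all constructed, and the `reject_at_rcpt` switch models the common mitigation of refusing unknown recipients with a 5xx reply during the session (so the connecting client gets the error and the receiver never originates a message of its own), which the thread itself does not discuss.

```python
"""Model of why bounces go to the envelope sender and how backscatter arises.

Added example (not from the mailing-list thread). The transcript below is a
constructed client-side SMTP session: the envelope commands (MAIL FROM / RCPT
TO) followed by the message sent after DATA. All addresses are made up.
"""
from email import message_from_string

SAMPLE_SESSION = """\
EHLO mail.example.net
MAIL FROM:<victim@forged.example>
RCPT TO:<nobody-here@receiver.example>
DATA
From: "Somebody" <somebody@elsewhere.example>
Reply-To: <bait@elsewhere.example>
To: <nobody-here@receiver.example>
Subject: test

hello
.
"""


def parse_session(transcript):
    """Split a client-side SMTP transcript into the envelope and the message.

    The envelope is what the sending MTA claimed in MAIL FROM / RCPT TO; the
    message is everything between DATA and the terminating '.' line.
    """
    envelope = {"mail_from": None, "rcpt_to": []}
    body_lines = []
    in_data = False
    for line in transcript.splitlines():
        if in_data:
            if line == ".":
                break
            body_lines.append(line)
            continue
        upper = line.upper()
        if upper.startswith("MAIL FROM:"):
            # '<>' (the null reverse-path) becomes the empty string.
            envelope["mail_from"] = line.split(":", 1)[1].strip().strip("<>")
        elif upper.startswith("RCPT TO:"):
            envelope["rcpt_to"].append(line.split(":", 1)[1].strip().strip("<>"))
        elif upper == "DATA":
            in_data = True
    return envelope, message_from_string("\n".join(body_lines))


def bounce_target(envelope, msg):
    """A delivery status notification is addressed to the envelope sender.

    The message headers (From:, Reply-To:, ...) play no part in choosing the
    bounce recipient; msg is accepted only to make that explicit.
    """
    return envelope["mail_from"]


def deliver(envelope, msg, valid_recipients, reject_at_rcpt):
    """Simulate the receiving MTA and return the address a bounce would go to.

    Returns None when no bounce message is generated at all.
    reject_at_rcpt=True  : unknown recipients get a 5xx reply inside the SMTP
                           session; the error lands on the connecting client
                           and the receiver never creates a message of its own.
    reject_at_rcpt=False : accept everything, fail later, and send a bounce to
                           the (forgeable) envelope sender: backscatter.
    """
    unknown = [r for r in envelope["rcpt_to"] if r not in valid_recipients]
    if not unknown:
        return None          # ordinary delivery, nothing to bounce
    if reject_at_rcpt:
        return None          # 550 5.1.1 returned in-session, no bounce mail
    if envelope["mail_from"] == "":
        return None          # null reverse-path: never bounce a bounce
    return bounce_target(envelope, msg)


if __name__ == "__main__":
    env, message = parse_session(SAMPLE_SESSION)
    valid = {"postmaster@receiver.example"}
    print("Reply-To header :", message["Reply-To"])
    print("bounce goes to  :", bounce_target(env, message))
    print("accept-then-bounce ->", deliver(env, message, valid, reject_at_rcpt=False))
    print("reject at RCPT TO  ->", deliver(env, message, valid, reject_at_rcpt=True))
```

Running it shows the bounce addressed to `victim@forged.example` (the MAIL FROM value) while `Reply-To:` points somewhere else entirely, and that the same forged session produces no bounce at all once unknown recipients are refused at RCPT TO time. The null reverse-path check is the other half of the same discipline: a bounce itself is sent with `MAIL FROM:<>`, and a receiver must never generate a bounce in reply to it.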