On Tue, Mar 20, 2018 at 08:30:50AM -0500, David Wright wrote: > On Tue 20 Mar 2018 at 08:28:20 (-0400), Greg Wooledge wrote: > > P.S. someone said that bounces are generated using the Reply-To: header. > > This is incorrect (or at least, would be a violation of the protocols). > > Bounces are sent to the envelope sender address (the one given by the > > sender during the SMTP session), without looking at the message itself. > > > > Of course, the envelope sender is just as easy to forge as the > > Reply-To: header is. The sender only needs to lie about who it is. > > The receiver has no way to verify the address, other than "yeah, that > > domain exists in DNS". > > But if that IP address sends loads of undeliverable mail, > why not just block it? I was under the impression that > that's what IP address blacklisting was all about.
That happens, certainly. But not everyone is using a blacklist. The spammer just has to find one system that's vulnerable and keep hammering it until it, too, gets blacklisted.
