On Thu, Jul 11, 2024 at 4:33 PM Slavko via mailop <mailop@mailop.org> wrote:
> Do you see in bounces from what IP was original send? No, not that I can find > The BATV was inventend to solve that problem, you sign own Return-Path > and then check this signature in bounces and reject when bounce (NDR) > is send to unsigned RCPT as bounce to message not send by you.. But > it was never standardised and is not always applicable (i use it). > > If you decide to apply it, do it in two stages, first start to sign > Return-Path and then, after some days, start rejecting (to allow to > receive bounces for yet unsigned messages). You can temporary reject > unsigned bounces in between, but if you are under attack, it will do > more harm than help. BATV seems like the best solution, but as said in my rely to Mark Alley, I am a little wary of standing it up, given the lack of maintained open source milters. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
