On 2022-08-22 at 13:18:25 UTC-0400 (Mon, 22 Aug 2022 13:18:25 -0400) <post...@ptld.com> is rumored to have said:
Viktor, genuine question and not meant to be combative; I feel like I'm forgetting / missing something. Why isn't every spammer sending spam from <> if it gets a free pass?
As Viktor said, exempting the null sender from broader rules about senders isn't a 'free pass' it is a non-inclusion in enforcements that would hit useful wanted messages. There are still possible defenses against SOME spammers using the null sender, including starting your "smtpd_data_restrictions" list with "reject_multi_recipient_bounce." Some spam filters (e.g. SpamAssassin) have mechanisms for detecting such spam as "fake bounces" because it is only errors generated by the email system (i.e. mostly "bounces") that should be using the null sender. These should work pretty well against phishes that are not trying internally to resemble bounces.
-- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
