"Jon Kyme" <jrk(_at_)merseymail(_dot_)com> wrote:
It seems likely that some spamware is using a list of local parts
(or an algorithm for generating local parts) and a
list of valid domains to construct likely looking "senders".
I agree. I've seen the same thing myself.
I'm inclined to think that, excluding nuisance forgery (anyone upset
a spammer?), sender forgery might be largely accounted for by
"accident" - and be fairly low frequency.
I've received a steady trickle of bounces from spam forged from my
domain. It's about 6 orders of magnitude less than the spam received
by the domain, if that means anything.
The most curious part about it was my fights with "anti-spam" people
who had blacklisted the domain, or marked it as "spammer", solely
because of forged addresses in the "From" line. It usually took
substantial effort to get them to understand that a forged address in
a "From" line had little to do with the domain used in the forgery.
I'm not surprised to see the same attitude here.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg