On 6 Apr 2003, wayne wrote:
In <20030406042307(_dot_)GC994(_at_)m1800> waltdnes(_at_)waltdnes(_dot_)org
writes:
The receiving MTA should always try hard to make the sending MTA
generate the bounce via the 5xx reject codes. It should also try to
verify that the MAIL FROM address is valid before it accepts the email
so that if a bounce has to be generated later, it can be. Exim can
verify not only the MAIL FROM, but also the From:, Reply-To: and
Sender: headers to try and cut down on bad bounces.
Something like the RMX or domain-specific DNSBL solution would also
help make sure that later bounces are not being sent to third party
spammer victims.
Could the receiving MTA, when it must send a DSN, restrict itself to
connecting to the connecting MTA or one of its MXs? In that case a forged
envelope from would typically result in a "relay denied" rather than
sending the DSN to an innocent third party. If the envelope from was in a
domain that the connecting MX serviced, presumably it would accept and
deliver the DSN. If the spammer forged addresses in the scope of the
connecting MTA, the DSN would still go through, of course, but the burden
would be on the "legitimate" users of the MTA, which would encourage
relays to be closed and spammer's accounts to be canceled.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg