Here's a little problem I see with implementing SUBMITTER on an MTA... let me
know if I'm wrong on anything.
First, let's assume a domain "allows-submitter.com", which has MTAs that allow
SUBMITTER to be specified on the "MAIL FROM" command.
allows-submitter.com has the following MX records:
mx1.allows-submitter.com MX preference = 0
mx2.allows-submitter.com MX preference = 10
A spammer/virus connects to mx2.allows-submitter.com because it knows that a
message sent to a secondary MTA is much more likely to cause a bounce than a
rejection.
connection to mx2.allows-submitter.com
------
MAIL FROM: recipient(_at_)target(_dot_)com SUBMITTER=hostile(_at_)throw-away(_dot_)com
RCPT TO: invalid(_at_)allows-submitter(_dot_)com
DATA
(includes virus or spam as payload)
When mx2 tries to relay to mx1 (the primary MTA), mx1 rejects the message
because "invalid(_at_)allows-submitter(_dot_)com" doesn't exist (or has mailbox
full, etc...). Now, mx2 sends a DSN (attaching the payload) to
"recipient(_at_)target(_dot_)com".
"recipient(_at_)target(_dot_)com" (and probably a lot of other recipients in a
lot of other domains) is now receiving spam/viruses from <>
(postmaster(_at_)allows-submitter(_dot_)com) and SPF evaluation proves that it
is coming from "allows-submitter.com". So, the postmaster at target.com decides
to blacklist the "allows-submitter.com" domain because (somewhat like an
open-relay) they are allowing spam and viruses to be relayed through their MTA.
Am I missing anything?
Michael R. Brumm
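
The flow described in the message above, modelled as an added example that is not part of the original post: it shows that the DSN is addressed to the unchecked MAIL FROM rather than to the checked SUBMITTER. The names Envelope, submitter_ok and secondary_mx, the IP 192.0.2.10 and the existing postmaster mailbox are assumptions, and the variant where mx2 validates recipients during the session is an addition for comparison, not something the message proposes.

```python
from dataclasses import dataclass

# Constructed sample data; addresses are the ones used in the message above.
MAILBOXES = {"postmaster@allows-submitter.com"}   # recipients that exist on mx1
AUTHORIZED = {"throw-away.com": {"192.0.2.10"}}   # sender-published hosts (constructed)

@dataclass
class Envelope:
    mail_from: str   # reverse-path: the address any DSN is sent to
    submitter: str   # SUBMITTER= parameter: the only identity that gets checked
    rcpt_to: str

def submitter_ok(env, client_ip):
    """Stand-in for the SUBMITTER check: is client_ip authorized for that domain?"""
    domain = env.submitter.rsplit("@", 1)[1]
    return client_ip in AUTHORIZED.get(domain, set())

def secondary_mx(env, client_ip, validates_recipients):
    """Return the (event, address) pairs mx2 produces for one message."""
    if not submitter_ok(env, client_ip):
        return [("reject-mail-from", env.submitter)]
    if validates_recipients and env.rcpt_to not in MAILBOXES:
        # Refused inside the SMTP session: the connecting client gets the
        # error and no DSN is ever generated.
        return [("reject-rcpt", env.rcpt_to)]
    events = [("accept", env.rcpt_to)]
    if env.rcpt_to in MAILBOXES:
        events.append(("deliver", env.rcpt_to))
    else:
        # mx1 refuses the relay, so mx2 must bounce, and the bounce goes to
        # MAIL FROM, which was never checked, not to the checked SUBMITTER.
        events.append(("dsn", env.mail_from))
    return events

# The envelope from the message above.
ATTACK = Envelope("recipient@target.com", "hostile@throw-away.com",
                  "invalid@allows-submitter.com")

if __name__ == "__main__":
    for validates in (False, True):
        print(validates, secondary_mx(ATTACK, "192.0.2.10", validates))
```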