"Michael R. Brumm" <me(_at_)michaelbrumm(_dot_)com> writes:
I think you need to re-read my message. I don't see anything in your
argument which would prevent the attack scheme I outlined from
occurring. SUBMITTER allows forged bounces to be injected onto
forwarders (even with PRA checks). The bounces go to a third party
(the MAIL FROM), which may see the forged bounces as spam/viruses from
the forwarder (not the injector). This could cause the forwarder
(which is only following the SUBMITTER protocol) to be blacklisted.
Which can be avoided by the forwarder doing SPF classic (or
equivalent) checks to validate the MAIL FROM, and rejecting the mail
if this fails, as well as performing SUBMITTER checks. Which is why I
think that it is important that whatever may be decided about PRA,
SUBMITTER and RCF2822 checks, that it is still important to do perform
MAIL FROM checks to prevent such injections.
Your scenario also shows that it is unwise to include the message body
in bounces. Forwarder is less likely to be blacklisted if the bounces
do not contain the spam/virus payload (but that is not the province of
this list)