ietf-smtp
[Top] [All Lists]

Re: [ietf-smtp] homework, not an experiment, draft-crocker-email-deliveredto

2021-08-03 12:29:56
On 8/3/2021 6:43 AM, Viktor Dukhovni wrote:
So a miscreant abusing "Delivered-To" can cause the receiving system
to emit lots of bounces to a forged envelope sender address.

The "Delivered-To" address is an internal representation of the target
mailbox (for loop detection), and is not intended for consumption by
MUAs or tools like fetchmail.

An abuser sends a single message that contains a Delivered-To and might then trigger a bounce back to the return address. This is a one-for-one effect. To be interesting, the attacker needs to send many of these addresses, to produce many of these bounces. Yes?

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

<Prev in Thread] Current Thread [Next in Thread>