spf-discuss

Are there proposed checks on bounces and delivery notifications?

2004-07-10 16:09:47
I've found there was a long discussion about bounces.

Why is there still nothing in the unified specs about delivery notifications and
read receipts?

It's trivial to send short messages with spam text in the subject, like this:

Connect from "Fast_Speed_DSL" to a server which supports delivery
notifications/bounces
-----------
EHLO Fast_Speed_DSL

MAIL FROM: Troyaned_user@Fast_Speed_DSL_Provider RET=HDRS
ENVID=Enlarge_Your_Call_Us_At_8_800_123456789

RCPT TO: <somebody@Delivery_Notification_Server> NOTIFY=SUCCESS,FAILURE
ORCPT=rfc822;our_real_target@domain.tld

RCPT TO: <onemore@Delivery_Notification_Server> NOTIFY=SUCCESS,FAILURE
ORCPT=rfc822;our_real_target@domain.tld

RCPT TO: <evenmore@Delivery_Notification_Server> NOTIFY=SUCCESS,FAILURE
ORCPT=rfc822;our_real_target@domain.tld

DATA

From: <Troyaned_user@Fast_Speed_DSL>
Delivery-Notification-To: <our_real_target@domain.tld>
Disposition-Notification-To: <our_real_target@domain.tld>
Errors-To: <our_real_target@domain.tld>
Reply-To: <our_real_target@domain.tld>
Sender: Troyaned_user@Fast_Speed_DSL_Provider
Subject: Enlarge it. Read more on
http://cheap.domain.we.buy.using.stolen.creditcard.com

<empty message>
.
QUIT
-----------

All delivery notifications will come from a random pool of mail servers, with
a <> envelope sender, and will pass SPF validation.
You will be able to block the Troyaned_user IP after a while, but everybody in
the world will continue to receive delivery notifications, errors or replies.
It's like a DRDoS.

IMHO, SPF must not limit validation to MAIL FROM but should also check all email
addresses listed as owned by the email sender.
Can you add an answer to my question to the FAQ or describe it in the specs?

--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua
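The receiving-side check the post asks for, written out as an added example (not code from the spf-discuss list or from any SPF implementation). It collects every address the message claims as a sender or notification target (envelope MAIL FROM plus From, Sender, Reply-To, Errors-To, Disposition-Notification-To and Delivery-Notification-To) and evaluates the connecting IP against each address's domain policy, so an MTA can reject the message at SMTP time with a 5xx instead of later sending DSNs, MDNs or bounces to a domain that never authorised the sending host. The SPF lookup is replaced by a constructed in-memory policy table (`SPF_POLICY`, hypothetical domains and networks); a real deployment would query the domain's TXT record instead. The sample message and client IP are constructed too.

```python
"""Added example: validate every address a message claims to own, not only
MAIL FROM, before agreeing to generate any notification to those addresses.
The SPF resolver is a constructed stub; message and IPs are constructed."""
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Headers through which a message can ask for mail to be sent "back" to an address.
NOTIFICATION_HEADERS = (
    "Return-Path", "From", "Sender", "Reply-To", "Errors-To",
    "Disposition-Notification-To", "Delivery-Notification-To",
)

# Hypothetical stand-in for SPF records: domain -> networks allowed to send for it.
# A real check resolves the domain's SPF TXT record; this table is constructed.
SPF_POLICY = {
    "fast-speed-dsl.example": [ipaddress.ip_network("198.51.100.0/24")],
    "victim.example": [ipaddress.ip_network("203.0.113.0/24")],
}


def domain_permits(domain, client_ip):
    """True/False for an explicit policy result, None when the domain publishes none."""
    networks = SPF_POLICY.get(domain.lower())
    if networks is None:
        return None  # equivalent of SPF 'none': nothing to enforce
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in networks)


def claimed_addresses(raw_message, envelope_from=None):
    """Every address the message presents as sender or notification target."""
    msg = message_from_string(raw_message)
    addrs = set()
    if envelope_from:
        addrs.add(envelope_from.lower())
    for name in NOTIFICATION_HEADERS:
        for _display, addr in getaddresses(msg.get_all(name, [])):
            if "@" in addr:
                addrs.add(addr.lower())
    return sorted(addrs)


def failing_addresses(raw_message, envelope_from, client_ip):
    """Addresses whose domain explicitly refuses the connecting host.

    Only an explicit 'fail' is returned; domains without a policy are not
    penalised, which keeps the check safe to deploy incrementally.
    """
    failing = []
    for addr in claimed_addresses(raw_message, envelope_from):
        domain = addr.rsplit("@", 1)[1]
        if domain_permits(domain, client_ip) is False:
            failing.append(addr)
    return failing


def smtp_verdict(raw_message, envelope_from, client_ip):
    """Reply the MTA should give at end of DATA. Rejecting here means no
    bounce, DSN or MDN is ever generated toward the unauthorised addresses."""
    bad = failing_addresses(raw_message, envelope_from, client_ip)
    if bad:
        return "550 5.7.1 notification addresses not authorised for client: " + ", ".join(bad)
    return "250 2.0.0 OK"


# Constructed sample resembling the pattern in the post: the connecting host is
# legitimate for the envelope sender's domain but not for the domain it points
# all replies and notifications at.
SAMPLE_MESSAGE = """\
From: <troyaned@fast-speed-dsl.example>
Reply-To: <target@victim.example>
Errors-To: <target@victim.example>
Disposition-Notification-To: <target@victim.example>
Subject: test

"""
SAMPLE_ENVELOPE_FROM = "troyaned@fast-speed-dsl.example"
SAMPLE_CLIENT_IP = "198.51.100.7"

if __name__ == "__main__":
    print(smtp_verdict(SAMPLE_MESSAGE, SAMPLE_ENVELOPE_FROM, SAMPLE_CLIENT_IP))
```

With the constructed data, the envelope sender's domain passes while `victim.example` fails, so the message is rejected at SMTP time and the receiving server never emits a notification toward `victim.example`. A domain with no policy (SPF `none`) is left alone rather than treated as a failure.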