spf-discuss

Re: [spf-discuss] Re: SPF queries by a newbie

2006-11-14 14:52:14
Michael Breton elucidated on 14/11/06 20:59:
I forgot to ask, why did I receive the bounce email for Paypal's
mistake? (I had not expected to receive it now I have SPF set up on
jguk.org)  Is there a way to avoid getting it?  I presume their MTA
generated a fresh email or some such..?

You received the bounce, because after Paypal's unsuccessful attempt to
send you the original message, their MTA created a bounce, which, by
definition, always has an empty MAIL FROM, which is not subjected to the
SPF requirements like the original message was.

Just to check I understand correctly. Do you mean the bounce message
(the actual one that I received, from MAILER-DAEMON(_at_)paypal(_dot_)com) had a
missing MAIL FROM? (That's the Return-Path: <>).  Is it considered
acceptable to send messages with such a missing MAIL FROM?

Is there a reason not to just Reject any MAIL FROM <> messages?  It
seems like a loophole, which a spammer could exploit to send someone
messages.

By definition, bounce emails always have an empty MAIL FROM (i.e. MAIL FROM <>)

Also, by RFC, email systems are REQUIRED to accept them.

However, the definition of a bounce message says that a bounce message may only have one recipient. So my mail server rejects messages with an empty MAIL FROM and more than one recipient. That is, of course, in addition to the various blacklists I use and other anti-spam measures (like spamassassin) I have implemented.

Michael Breton
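
The rule described in the reply above (accept bounces with an empty MAIL FROM, but refuse them when they carry more than one recipient), as an added example that is not part of the original message or the poster's server configuration. It assumes the refusal is issued at DATA with a 554 reply; the function names, reply codes and example.org addresses are constructed for illustration.

```python
import re

# "MAIL FROM:<>" is the null reverse-path used by bounces; group(1) is then "".
MAIL_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>]+)>", re.IGNORECASE)

def evaluate_session(commands):
    """Return (command, reply_code) per envelope command; a null sender with
    more than one recipient gets 554 at DATA (assumed policy)."""
    sender, recipients, replies = None, [], []   # sender None = no MAIL yet
    for raw in commands:
        line = raw.strip()
        mail, rcpt = MAIL_RE.match(line), RCPT_RE.match(line)
        if mail:
            if sender is None:
                sender, recipients, code = mail.group(1), [], 250
            else:
                code = 503                       # nested MAIL FROM
        elif rcpt:
            code = 250 if sender is not None else 503
            if code == 250:
                recipients.append(rcpt.group(1))
        elif line.upper() == "DATA":
            if sender is None or not recipients:
                code = 503                       # bad command sequence
            elif sender == "" and len(recipients) > 1:
                code = 554                       # multi-recipient "bounce"
            else:
                code = 354                       # go ahead with the body
            sender, recipients = None, []        # body not modelled here
        elif line.upper() == "RSET":
            sender, recipients, code = None, [], 250
        else:
            code = 500
        replies.append((line, code))
    return replies

def final_code(commands):
    return evaluate_session(commands)[-1][1]     # reply to the last command

# Constructed sample envelopes (not taken from the thread).
BOUNCE = ["MAIL FROM:<>", "RCPT TO:<user@example.org>", "DATA"]
FAKE_BOUNCE = ["MAIL FROM:<>", "RCPT TO:<a@example.org>",
               "RCPT TO:<b@example.org>", "DATA"]
NORMAL = ["MAIL FROM:<list@example.net>", "RCPT TO:<a@example.org>",
          "RCPT TO:<b@example.org>", "DATA"]
```

A genuine single-recipient bounce and ordinary multi-recipient mail both reach the 354 reply; only the null-sender envelope with two recipients is refused.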