[svlug] Re: [svlug]Email to/from SVLUG

Derek J. Balling dredd at megacity.org
Sun May 7 20:47:17 PDT 2000


At 9:50 AM -0700 5/7/00, Marc MERLIN wrote:
>
>  > Seems there is nothing in "MAIL FROM:" which my exim rejects. That
>>  prevents 99% of the spam.
>
>AFAIK, you send an Email with an empty envelope sender when that Email is a
>bounce and you don't want a bounce back.
>Also, the envelope sender doesn't look empty, it looks like it's
>svlug-admin at lists.svlug.org, which gets the Email bounces

You're correct. Rejecting mail sent with "MAIL FROM: <>" breaks 
bounces, and is a Very Bad Thing(tm). If you send me mail, you should 
be willing to (and the RFC's mandate you MUST) accept the bounces.

It is equally easy to forge "MAIL FROM: <>" as it is to forge "MAIL 
FROM: <someone at some_other_domain.com>", so the null-reject is a 
false-security issue.

I've wondered aloud many times if a DNSBL (a la MAPS, ORBS, etc.) is 
useful for listing what domains' MX's won't accept bounces back to 
them, and allowing mail admins to prevent the bounce-double-bounce 
loop from hitting their postmaster box when somebody misconfigures 
their mail server....

D





More information about the svlug mailing list