[Info-vax] inhibit email with From: <> from being sent

Bob Eager news0001 at eager.cx
Sat Dec 31 09:21:54 EST 2011 

On Sat, 31 Dec 2011 13:21:53 +0000, Phillip Helbig---undress to reply
wrote:

> In article <9m6ukaFamjU4 at mid.individual.net>, Bob Eager
> <news0001 at eager.cx> writes:
> 
>> On Fri, 30 Dec 2011 22:23:23 +0000, Phillip Helbig---undress to reply
>> wrote:
>> 
>> > In article <9m3ce5F3gnU2 at mid.individual.net>, Bob Eager
>> > <news0001 at eager.cx> writes:
>> > 
>> >> > In the log of my SMTP relay server, I occasionally see a record of
>> >> > emails sent from the adress "<>", i.e. with an empty From: header.
>> >> >  I suspect this is some sort of backscatter spam.  (In general, a
>> >> > combination of RBL and setting Symbiont-Checks-Deliverability: to
>> >> > FALSE has stopped most of my spam.)  Is there any way to prevent
>> >> > this from being sent?
>> >> 
>> >> No, it's a valid thing to do. Read RFC 5321, section 4.5.5 in
>> >> particular.
>> >> 
>> >> It is not backscatter spam - in fact, it's almost the opposite.
>> > 
>> > I had a quick glance: delivery-status notification or something like
>> > that.  But the address is not one I recognize (I have NEVER noticed
>> > such an email getting sent to an address I recognize), so I am
>> > assuming that while perhaps it SHOULD be generated, maybe someone
>> > sent a spam email to a non-existent user (with more than 12
>> > characters, so that my old version of SMTP doesn't just drop it) and
>> > this is the automatic response to that.  But suppose the From:
>> > address is bogus; in that case it would be backscatter spam, right?
>> 
>> Could indeed be. The answer there is to reject it via the From: address
>> rather than the <>, which would be dangerous.
> 
> Suppose someone sends me an email with a forged From: header.  If I
> reject it (with <> as the From: header on my side in the notification
> mail) and send it to the forged From: header, then I am unwittingly
> helping the spammer.

I should have been more specific. I just drop the connection in some of 
these cases.



-- 
Use the BIG mirror service in the UK:
 http://www.mirrorservice.org

*lightning protection* - a w_tom conductor

More information about the Info-vax mailing list