Author: Alan J. Flavell Date: To: Dave C. CC: Exim users list Subject: Re: [Exim] Callbacks and bounces (exim v3)
On Fri, 28 Jun 2002, Dave C. wrote:
> Many systems put "MAILER-DAEMON@theirdomain" as the header-sender when
> they generate bounces.
Oh, indeed. That much was clear.
> Validating header senders with a callback is a bit extreme though.
Well, we tried enabling callbacks for a selected subset of domains for
which spammers seemed to have a habit of counterfeiting sender
addresses. Of course this can only pay off in relation to domains
which really _do_ repudiate bad addresses at the RCPT TO stage, but
aside from that caveat, we know that it has shielded us from
significant amounts of spam.
> Usually bounce messages with have an envelope sender of <> which is
> always automatically considered 'valid' by exim.
Right.
However, it does now look as if it's inadvisable to do callbacks for a
domain which repudiates their own bounce headers. At least not with
v3, where Phil just said that for callback purposes there's no
distinction drawn between bounces and normal mails.
[And yes, before you remind me - I do know that some spam is
counterfeited as if it were a bounce.]
