Re: [Exim] Viruses, and HELOs without dots

On Mon, Aug 02, 2004 at 06:28:19PM +0100, Alan J. Flavell said:
> On Mon, 2 Aug 2004, Hochstrasser Benedikt wrote:
>
> >What I like even more is MAIL FROM == RCPT TO...
>
> I'm sorry if I seem overly argumentative today, but we've just had
> four of those, which - as far as the user was concerned - were bona
> fide mails, whatever we admins might have thought.

Forged envelope senders is never legit. That kind of thing will break at
every site that uses SPF, and is totally incompatible with many other
anti-spam configurations and proposals as well. "From:" forging is much
different that MAIL FROM forging. One has a legit uses, the other does
not.

> She visited a real-estate web site, liked the look of four of the
> properties, and asked it to email the details to her. Which it duly
> did, in four successive emails: putting her own address as envelope
> sender, as well as recipient.
>
> Now, you may say they're very stupid to have their web site do that,
> but nevertheless, the user would not be amused if we had rejected the
> mails on sight.

Sorry, but sites that accept mail from this kind of site perpetuate this
behavior. How the heck are we supposed to deal with spam if "legit"
sites are behaving just as bad as spammers? The content may well be
"legit" but the transport is not.

It's quite likely that the web site didn't want to deal with bounced
mails. This is not the way to do it.

Persoanlly, I would have rejected the mail, and when the customer
complained about not getting this bogus mail, whitelist and inform the
sender that they have 30 days to fix their email system before further
mail is rejected for non-compliance.

Would you mind sharing the name of this moronic web site? By any chance
would it be realtor.com aka homestore.net? Anyone else care to join me
in LARTING the crap out of them?