Re: [exim] Heads up?

Top Page
Delete this message
Reply to this message
Author: Marc Sherman
Date:  
To: Marilyn Davis
CC: exim-users
Subject: Re: [exim] Heads up?
Marilyn Davis wrote:
>
> Thank you! Ok, I'm finished with spf.
>
> I have one more question, if anyone still has the patience to answer me.
>
> If the challenge to a spoofed message is sent at SMTP time in the
> acl_smtp_data, doesn't the challenge go to the spoofer and not become
> collateral spam?


No.  The challenge is sent as a separate email to the return path 
(envelope from), not as an SMTP rejection.  That challenge mail will go 
to the same address regardless of when it is sent.  There are three 
possibilities here:
1) Bogus return address: the challenge gets rejected at SMTP time, the 
original message is blackholed, no-one is annoyed.  This is the same way 
that sender callout verification works.
2) Valid return address on real mail: the original sender gets the 
challenge, and is annoyed.
    2a) The original sender answers the challenge, and the recipient 
gets the original mail.
    2b) The original sender ignores the challenge, and the original mail 
is blackholed.
3) Faked return address (joe job): Some innocent third party gets the 
challenge, and is annoyed.


Cases 2 and 3 both suck, but case 2 is between the sender and the
recipient; I don't really care much there. Case 3 is the real problem
with c/r. I got joe-jobbed last year, and received a ton of bogus C/Rs.
At the time, I just trained my spam filter (spambayes back then) to
recognize them. I kind of wish I had that system filter I posted this
morning to automatically approve delivery of all that spam, now.

- Marc