Autor: Marc Sherman Data: A: exim-users Assumpte: Re: [exim] Anti Phishing Trick
Marilyn Davis wrote: >>
>>I don't know what "collateral mail" is. The term I used, "collateral
>
> I mean all mail that is automatically generated because of some
> incoming mail, for any reason.
That's generally referred to as either DSN, bounce, or auto-response
(for the case of vacation and similar messages). "Collateral mail" is
not a commonly used term, and people will think you're talking about
collateral spam (ie: secondary spam, sent to an innocent third party, as
a bounce of the primary spam; cf. collateral damage).
> I think of "spam" as advertising email. But maybe you also think of
> it as Joe Job email, which is evil prank email. The Joe Jobs I've
> experienced were an evil destructive attack on a political group and
> did not look like advertising so that they wouldn't be stopped by spam
> filters.
>
> Advertisers have nothing to gain by forging a legitimate victim sender
> address. In fact, they lose that victim as a customer. Do your users
> experience a lot/any of that?
A lot of joe jobs mail these days aren't intended as an attack against
the purported sender, but rather just use their address simply to get
through mail servers which do callout verification. Since the purported
sender address exists, the callout will succeed, and the message will be
delivered.
I know that the couple times I've been hit by a joe job, I haven't been
able to trace it to anyone who would have any reason to attack me.