Auteur: Marc Sherman Date: À: exim-users Sujet: Re: [exim] Re: bounce messages and their potential misuse
Adam Funk wrote: >
> Now when we say "senders' addresses", which headers are we talking
> about? For example, I send mails from my home computer with various
> from-addresses (mainly one for work and one for personal stuff), none
> of which is associated with my ISP.
Either MAIL FROM, verified or fixed up with SMTP AUTH (such as Exim's
own submission mode), or some other verification method such as tracking
dynamic IP assignments to subscribers at the ISP.
Any large ISP that allows unverified local users to send mail through
its smarthost with arbitrarily forged MAIL FROM addresses and doesn't
fix them up to an authenticated address is essentially a paid access
open relay, and will eventually be marked as such by the various
blacklist operators.