Rainer Dorsch <ml@???> (Sa 12 Dez 2015 19:39:30 CET):
> Hi Heiko,
>
> many, many thanks for the detailed analysis. The result is really surprising for me:
(…)
> What do you recommend to do to filter spam with an empty message's sender?
Exim has BATV (bounce address tag validation).
Bounces should have some reason, that is, beforce getting a bounce to
metzingen@*.de, metzingen@*.de needs to appear as a
message sender somewhere.
If you're sure, that this address never sends mails, you can just reject
such messages.
BATV extends this by using 'tagged' message senders (e.g. using
metzingen-20151212@*.de). If a bounce comes back to metzingen-20151212@*.de, it
gets accepted, if it arrives in a specified time frame (the -20151212 is the date this
sender address was used).
In real live the date time stamp is crypted, to prevent others from
pre-computing it.
But I'm not sure if you can use this in your personal .forward. And in
the first place it requires your sending hosts to tag the sender
addresses.
> PS: This address was in use exclusively for the Outlet City Metzingen.
> I notified them that (assuming that they did not sell my address) somebody may
> have access to their systems.
Meanwhile it's spread around the globe via this mailing list :)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
