On 2018-05-15, Mike Brudenell via Exim-users <exim-users@???> wrote:
> On Mon, 14 May 2018 at 11:32, Jasen Betts via Exim-users <
> exim-users@???> wrote:
>
>> On 2018-05-14, Mark Elkins via Exim-users <exim-users@???> wrote:
>> > Someone is using "please@???" as the source of spam e-mail. The
>> > address does not exist...
>>
>> step 0: publish an SPF record.
>>
>
> Umm… This would help authenticate *outgoing* mail, but from the sound of it
> (here and in a later message) Mark is seeing *incoming* Non-Delivery
> Reports coming back *into* his <please@???> address. So an SPF
> record isn't likely to help block these as his domain won't be in the
> RFC5321.MailFrom address or the HELO string (used, if memory serves, when
> the RFC5321.MailFrom is <> such as for Non-Delivery Reports).
An SPF should make it harder to generate backscatter, hopefully most
systems that are opportunistically attempting to forward email are
at-least checking SPF.
> You're perhaps looking at BATV
BATV only works if you can rewrite the envelope sender of all messages from the
domain.
--
ت
