Re: Mail's "Bounce" feature

In article <tacitr-D43D06.17463531032006@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
tacit <tacitr@xxxxxxx> wrote:

In article <barmar-D78EC3.18554629032006@xxxxxxxxxxxxxxxxxxxxxxxx>,
Barry Margolin <barmar@xxxxxxxxxxxx> wrote:

So? When the bounce gets back to the sender they can't tell how it was
generated.

Assuming that the bounce gets to the sender.

At session transaction time, the MX server knows who it's talking to.

So? Who it's talking to isn't usually the original sender.

Once the transaction has ended, that information has been lost; Mail
(and other servers, like Entourage server) do not any longer know who
initiated the transaction, and must rely on the header information in
the mail message.

Which, in the case of spam, is forged. Always.

If they're going to forge sender information, I assume they forge the
envelope as well. So it doesn't really matter whether the bounce is
sent by the MX server or the MUA. The only useful thing that can be
done during the SMTP session is for the MX server to return an error
code immediately rather than accepting the message, pushing the
responsibility for generating a bounce back to the sending MTA (which,
if it's a zombie doing direct delivery, will probably just ignore it).
But when there's mail forwarding involved, this won't happen.

But he wasn't talking about spam (in the post that started this
tangent), he was talking about legitimate mail that you want to send a
bounce to. He was talking about cases where you have good reason to
believe the sender information is valid. In this case, bouncing from
the MUA is fine.

His response said that such bounces "would not be accepted", and I
haven't seen him explain why not yet.

--
Barry Margolin, barmar@xxxxxxxxxxxx
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
.

Relevant Pages

  • Re: basic questions
    ... log shows only a few of them actually generated bounce messages. ... Badmail records double-bounces: messages whose recipient was ... whatever reason (when the sender address+domain was completely ... bounces don't result in additional bounces generated by your server. ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • Re: Where does email get bounced to?
    ... To legitimately "bounce", an e-mail must be returned to the sending ... returns it to the Sender via the same chain it arrived in. ... spamming that person and making YOU open to spam complaints. ... I can't tell for sure exactly where you think mail bounces happen, but the process is done by the SERVER, NOT by the sender. ...
    (alt.php)
  • Re: Blocked due to spam bounces?
    ... This could have caused that mail provider to consider my server a problem and to block my IP address. ... Although Qmail has supposedly a support community, nothing really seems to happen to it over time, from the looks of it, besides minor fixes to make sure that the code still compiles on modern platforms. ... It may come as a shock to some, but these days Qmail is pretty much the only mail server that's too stupid to know how to reject unwanted mail, and must swallow it just to spit it out back to the purported sender, which is forged, 99% of the time. ... All other mainstream mail servers have figured out a long time ago how to reject mail for nonexistent mailboxes, or any other kind of unwanted mail, so they don't need to accept it, and bounce it. ...
    (comp.mail.misc)
  • Re: Where does email get bounced to?
    ... To legitimately "bounce", an e-mail must be returned to the sending ... returns it to the Sender via the same chain it arrived in. ... spamming that person and making YOU open to spam complaints. ... the process is done by the SERVER, ...
    (alt.php)
  • Re: Bounce Email plug-in, or rule? Anti-Stalking help, please
    ... We know who is the sender and the email "from" address is valid. ... We want to bounce it, with the end desire being that "you cannot get to ... During the mail session between MTUs, the receiving MTU knows who was ...
    (microsoft.public.outlook)