At 6:12 AM -0700 5/25/04, Bob Horst imposed structure on a stream of electrons, yielding:
I am getting mail bounced to me that was sent by someone else spamming. The following headers are from one of over 100 bounces by about 25 different domains like aol.com, pacwest.com, and nationwide.com.

From: "Ralph Dillard" <[EMAIL PROTECTED]>
Reply-To: "Felecia Chu" <[EMAIL PROTECTED]>

Begin forwarded message:

From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
Date: May 24, 2004 3:58:44 AM EDT
To: <[EMAIL PROTECTED]>
Subject: Returned mail: User unknown

How do they do it and how do I stop it?


They do it ('they' largely being Microsoft mail worms) by randomly using your address from whatever addresses they can find on an infected machine and forging mail to appear to be from you. That's a trivial matter, because there is no common mechanism for validating senders in SMTP.

There really is no way at present to stop it. The IRTF's Anti-Spam Research Group is trying to generate feasible ideas and has to some extent in triggering an IETF focus group on Mail Authentication Records In DNS (MARID) proposals such as Yahoo's DomainKeys mechanism, Microsoft's supremely stupid Mail CallerID, and the publicly developed SPF. Between my starting this message and completing it, MS has announced that they will be embracing and extending SPF with some of the worse ideas from CID. <sigh>

All of those are mechanisms which would eliminate various sorts of sender forgery. Currently nothing prevents it, and for really big mail systems it is common to be unable to do a good job of recipient validation until after the message has been accepted. Hence AOL accepts mail for bogus users forged to be from you, and dutifully sends you the bounce after determining that the target does not exist.


--
Bill Cole [EMAIL PROTECTED]
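
An added example, not part of the message above: a sketch of the kind of sender check SPF enables, run at MAIL FROM time so a forged message is refused inside the SMTP session instead of being accepted and bounced to the forged address later. It assumes the SPF record syntax as later standardized (RFC 7208) and evaluates only the ip4, ip6 and all mechanisms; the function names, the domain, the record and the reply text are constructed for illustration.

```python
import ipaddress

# Constructed sample policy: example.org sends only from 192.0.2.0/24
# (a documentation range). A real receiver would fetch this TXT record from DNS.
SPF_RECORDS = {"example.org": "v=spf1 ip4:192.0.2.0/24 -all"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate the ip4/ip6/all subset of SPF for an envelope sender."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                  # matches every client
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue                       # no match, try the next term
        return "unsupported"               # a, mx, include, ... need live DNS
    return "neutral"                       # nothing matched


def smtp_decision(client_ip, mail_from):
    """Reply a receiver could give to MAIL FROM, before accepting any data."""
    if check_spf(client_ip, mail_from) == "fail":
        # Rejecting here means no bounce is ever generated to the forged sender.
        return "550 sender not authorized by domain policy"
    return "250 OK"
```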


