-----Original Message----- From: Jeremy Morton [mailto:ad...@game-point.net] Sent: zondag 5 april 2009 12:36 To: SM Cc: users@spamassassin.apache.org Subject: Re: Ways to block bouncebacks?
> Unless I'm missing something, this is going to be utterly useless for > me. Wikipedia says: "E-mail that is being bounced back should have an > empty (null) return address so that bounces are never created for a > bounce and therefore you can't get messages bouncing back and forth > forever." I'm not quite sure what they mean by 'return address'; do they > mean the From: field? If so, all the backscatter I'm getting has a > From: address so none of it would be considered bounce messages by BATV; > it would be considered regular mail. Yes, you're missing a lot. :) Seriously. First off all, we're talking about MTA <-> MTA communication -- the 'envelope' stage of the SMTP transmission, to be precise. With 'return address' they mean what I usually refer to as 'envelope-from' address, for clarity. The envelope-from address (unless purposely imported with the mail headers) is normally outside the regular scope of the MUA (Mail User Agent). In my case, the SRS addresses are not visible to the end-users's MUA (or maybe only in a 'Received for:' header when there's a single recipient, or some such). Which you can observe on this very message: the "From:" field in headers of this message is unsigned, but the SRS-signed envelope-from address is listed in the header's "Return-Path" field. Mind you, headers are part of the DATA phase: you should not rely on them to contain the Return-Path header, and such info is not required for inter-MTA communication, either. BATV, to oversimplify the matter for brevity, is actually akin to the way I use SRS (there's even a link to SRS for it on Wikipedia, and they even state: "The overall framework is vague/flexible enough that similar systems such as Sender Rewriting Scheme can fit into this framework."). SRS, namely, was originally not at all designed to be used in a BATV kind manner: it was invented to rewrite existing envelope-from addresses (with the domain of the current MTA) to avoid the SPF-forwarding problem. I, and others at the time, just figured out that SRS can also be used, very effectively, to detect and eliminate fake bounces. So, yes, you could certainly have a look at BATV, too. But honestly, if you're not quite sure what they mean by 'return adress,' and you get it confused with a mail 'From:' header, then you probably best bone up a bit on your RFC knowledge; especially the contextual differences between RFC 821 and RFC 2821. Otherwise we'll keep going around in circles. - Mark
