On Sun, 2017-04-30 at 17:10 -0400, Alex wrote:

> I'm talking about legitimate, non-spam mail sent by users on our
> systems with valid accounts having their bounces being tagged as
> spam.
> 
And of course, any valid bounce must be delivered.

> > In any case, regardless of whether I get bounced spam containing my
> > domain as forged sender or whether the whole bounce message is a
> > forgery, it can be safely binned, hence my rule.
> 
> I would think people would want their legitimate bounce
> notifications, no?
> 
Yes, quite so. Mail sent from my domain invariably has a related and
recognisably related domain name in the message ID, so I can be quite
certain that mail with an unrelated domain on the message ID is spam.

I realise that this may not work in all cases (and especially not if
mailing lists are involved). That said, similar rules to mine are
likely to be useful wherever the domain name is part of the names of
hosts that send external mail. 

> And if they are fakes, how effective could they really be, with
> "Undeliverable" in the subject, and the spam/payload only appearing
> well down into the body of the email, past all the notification
> messages?
> 
Many people are going to look at the bounced message to remind
themselves what it was about and who it was sent to. IIRC there are
mail readers where you can't see that detail without opening the
attached message. Do that and BOOM, the payload is launched: this is
especially dangerous if the mail reader has an active preview window.


Martin
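
A sketch of the Message-ID check described in this message, as an added example (not Martin's actual rule, which the post does not show): it extracts the original message returned inside a bounce and tests whether its Message-ID domain is the site's own domain or a subdomain of it. The domain `example.org`, the function names and the sample bounce are assumptions constructed for illustration.

```python
import email
import re
from email import policy

MSGID_DOMAIN = re.compile(r"<[^<>@\s]+@([^<>\s]+)>")

def constructed_bounce(orig_msgid: str) -> bytes:
    """Constructed sample DSN wrapping one 'original' message (not real mail)."""
    return (
        "From: MAILER-DAEMON@mx.remote.example\r\nSubject: Undeliverable: hello\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nDelivery failed.\r\n"
        "--b1\r\nContent-Type: message/delivery-status\r\n\r\n"
        "Final-Recipient: rfc822; nobody@remote.example\r\nStatus: 5.1.1\r\n"
        "--b1\r\nContent-Type: message/rfc822\r\n\r\n"
        f"From: user@example.org\r\nMessage-ID: {orig_msgid}\r\n\r\nbody\r\n"
        "--b1--\r\n"
    ).encode()

def original_headers(bounce):
    """Return the message (or header block) the bounce claims to return, else None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # headers-only variant
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw: bytes, own_domain: str) -> str:
    """'related', 'unrelated' (treated as spam under the rule above), or 'unknown'."""
    orig = original_headers(email.message_from_bytes(raw, policy=policy.default))
    if orig is None:
        return "unknown"                     # nothing to check; leave to other rules
    m = MSGID_DOMAIN.search(str(orig.get("Message-ID", "")))
    if not m:
        return "unknown"
    domain, own = m.group(1).lower().rstrip("."), own_domain.lower()
    # Match on a label boundary so look-alike names do not count as related.
    if domain == own or domain.endswith("." + own):
        return "related"
    return "unrelated"

if __name__ == "__main__":
    for mid in ("<1493586600.4711@mail.example.org>", "<abc@evil-example.org>"):
        print(mid, "->", classify_bounce(constructed_bounce(mid), "example.org"))
```

As the message notes, this only holds where every host that sends external mail carries the domain in its name; mail relayed through mailing lists can legitimately come back with other Message-IDs.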
