On Mon, 14 May 2018 at 11:32, Jasen Betts via Exim-users < [email protected]> wrote:
> On 2018-05-14, Mark Elkins via Exim-users <[email protected]> wrote: > > Someone is using "[email protected]" as the source of spam e-mail. The > > address does not exist... > > step 0: publish an SPF record. > Umm… This would help authenticate *outgoing* mail, but from the sound of it (here and in a later message) Mark is seeing *incoming* Non-Delivery Reports coming back *into* his <[email protected]> address. So an SPF record isn't likely to help block these as his domain won't be in the RFC5321.MailFrom address or the HELO string (used, if memory serves, when the RFC5321.MailFrom is <> such as for Non-Delivery Reports). You're perhaps looking at BATV <https://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation> instead so you can discard invalid NDRs coming back as backscatter spam. But that would be a longer term solution rather than a quick fix to address (if you'll pardon the bijou pun-ette) the current address problem he's seeing. Cheers, Mike B-) -- Systems Administrator & Change Manager IT Services, University of York, Heslington, York YO10 5DD, UK Tel: +44-(0)1904-323811 Web: www.york.ac.uk/it-services Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
