On 2018-05-15, Mike Brudenell via Exim-users <[email protected]> wrote:
> On Mon, 14 May 2018 at 11:32, Jasen Betts via Exim-users <
> [email protected]> wrote:
>
>> On 2018-05-14, Mark Elkins via Exim-users <[email protected]> wrote:
>> > Someone is using "[email protected]" as the source of spam e-mail. The
>> > address does not exist...
>>
>> step 0: publish an SPF record.
>>
>
> Umm… This would help authenticate *outgoing* mail, but from the sound of it
> (here and in a later message) Mark is seeing *incoming* Non-Delivery
> Reports coming back *into* his <[email protected]> address. So an SPF
> record isn't likely to help block these as his domain won't be in the
> RFC5321.MailFrom address or the HELO string (used, if memory serves, when
> the RFC5321.MailFrom is <> such as for Non-Delivery Reports).
An SPF should make it harder to generate backscatter, hopefully most
systems that are opportunistically attempting to forward email are
at-least checking SPF.
> You're perhaps looking at BATV
BATV only works if you can rewrite the envelope sender of all messages from the
domain.
--
ت
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
