James wrote regarding 'RE: [EE] email spamblock router?' on Mon, Jan 16 at 18:59:
> > No, the person whose From: was forged in the spam will get the bounce.
[...]
> I'm not totally sure, but if MY server tries to deliver an email to another
> server and that server rejects it, my server will instantly generate a
> bounce notice back to me showing that the email could not be delivered. This
> is NOT going to the From address in my outgoing header. It is a result of
> the failed connection directly from my server to the other.
>
> This is the point of moving the RBL check to the front end of the mail
> server. If I accept the email, THEN try to bounce it, I have only the From:
> address to go by. If I bounce it when the other server is still "on the
> line" talking to me, I /know/ the correct server got the message.
>
> Or am I missing something?

Most of the junk is bounced through an open relay, often in some lax country like China or Korea (which is why I block those groups). The open relay doesn't make any attempt to validate the from: or to:, just happily accepting the message from the malicious sender and forwarding along to the next destination. When it gets the bad message back, it just as happily forwards the error back to what it thinks is the original destination - the forged From: address. Apparently, this is often my address. :)

So when you reject the junk, you're usually not rejecting the message from the sender's ISP - you're rejecting it via a second or third hop which has already terminated its connection with the "real" originator and has nothing but the From: header to go on (technically the "MAIL FROM" line, I guess, as the From: header doesn't have to match). It's not your problem, as you've saved your bandwidth - but you've just wasted someone else's. Probably mine. ;)

This open relay problem is one of the strong points of the ORBS blacklist, BTW. There is no reason for anyone to run an open SMTP relay outside of laziness, but unfortunately there are several lazy ISPs out there, and some are big ones (like, most of Spain, so it seems) which you then either have to whitelist or discard with the rest.

--Danny
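
The bounce path described in this message, modelled as a small simulation. This is an added example, not code from the thread; the class names, the relay address 203.0.113.25 and victim@example.org are constructed for illustration.

```python
RELAY_IP = "203.0.113.25"      # constructed: the open relay, listed on the blocklist
BLOCKLIST = {RELAY_IP}

class Receiver:
    """Final mail server that checks the connecting IP against a blocklist."""
    def __init__(self, reject_in_session):
        self.reject_in_session = reject_in_session
        self.bounces = []                      # failure notices this server mails out

    def smtp_session(self, client_ip, mail_from):
        if client_ip not in BLOCKLIST:
            return 250
        if self.reject_in_session:
            return 554                         # refuse while the client is still connected
        self.bounces.append(mail_from)         # accepted first: only MAIL FROM is left
        return 250

class OpenRelay:
    """Accepts mail from anyone and forwards it without validating anything."""
    def __init__(self):
        self.bounces = []

    def forward(self, mail_from, receiver):
        code = receiver.smtp_session(RELAY_IP, mail_from)
        if code >= 500:
            # The real submitter disconnected long ago, so the notice goes to MAIL FROM.
            self.bounces.append(mail_from)
        return code

def trace(reject_in_session, forged_from="victim@example.org"):
    """Return (bounces mailed by the relay, bounces mailed by the receiver)."""
    relay, receiver = OpenRelay(), Receiver(reject_in_session)
    relay.forward(forged_from, receiver)
    return relay.bounces, receiver.bounces

if __name__ == "__main__":
    print("reject in session :", trace(True))
    print("accept then bounce:", trace(False))
```

In both runs the forged address receives the notice; rejecting in-session only changes which server spends the bandwidth to send it.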