Instead, a spammer has faked an address at your domain and used it as the return address for a message to another domain. The empty MAIL FROM: messages that you are seeing are probably not coming from a spammer. Your users would not get bounce messages from other domains: they would never know if they made a typo when sending mail to a user at another domain.What would happen if you block messages with an empty MAIL FROM:? Without this, it might be possible for someone to DoS you simply by faking a message to a non-existent user at another domain, with a return address of a non-existent user at your own domain, resulting in a never-ending loop of bounce messages. When MAIL FROM is used with an empty address (represented as ), the receiving server knows not to generate a bounce message if the message is being sent to a non-existent user. It’s used primarily for bounce messages, to prevent an endless loop. Mail servers are required to support it ( RFC 1123 section 5.2.9). The empty MAIL FROM is used for delivery status notifications. Why an empty FROM address is consider OK? Actually, in our MTA(surgemail), we can see the sender in the email header. We have firewall to ratelimit the sender, but for the following email, the firewall couldn't do this because of the empty FROM address. Recently, we found that hacker had hacked some user accounts and sent out lots of spams.
0 kommentar(er)
