Hi, Greg Wooledge wrote: > This response message > is sent with an envelope sender (MAIL FROM) address of > postmas...@vps268904.ovh.net > [...] > How does an > email address that only appears in the body get counted as if it were > the sender?
I doubt that it is due to any address in the body. Rather i assume that you are named in the MAIL FROM command of the bounce message. See https://en.wikipedia.org/wiki/Bounce_address https://en.wikipedia.org/wiki/Bounce_message The offender would send a bounce message to bendel.debian.org with your address as forged sender of the bounced mail: https://en.wikipedia.org/wiki/Backscatter_%28email%29 What you see is the payload part of the bounce message, which is mainly an ornament without technical function. It could be completely forged. Only bendel.debian.org knows from where the bounce message came. If this theory is true, then a solution would be to equip each list mail with a unique resend id, which could be an encrypted combination of subscribed mail address and resend time. Only if this mail header line is included in the bounce message and matches the alleged senderi and roughly the time, only then a bounce is credible. Have a nice day :) Thomas
