* Maciej W. Rozycki: > On Sun, 22 Mar 2020, Florian Weimer wrote: > >> > Spam bouncing is evil and often hits an innocent person whose address has >> > been faked by the sender of spam, making the source of bounces not better >> > than the originator. >> >> I expect this to be an SMTP-level rejection, not a bounce. sourceware >> generates a bounce from that, and Mailman reacts to that. But the >> target mail server does not generate a bounce. So your concern about >> bad ISP behavior does not apply here. > > You mean as with a failure response given to the SMTP DATA command? > This is actually equally evil as the resulting bounce (i.e. a delivery > failure notification, or a flood of them, once other MTAs have joined in a > response to a mass mailing; that is exactly what I suffered from a few > years ago) will hit whoever's fake envelope sender address has been given > with the MAIL FROM command. You don't expect a real one with spam, do > you?
No, this is not what happens (unless an open SMTP relay is involved, which is a different kind of problem). The error result from the DATA command is either observed directly by the spamming software (which does not generate a bounce message), or by some mail relay at an ISP. These relays check the envelope sender address before accepting a message for relaying, so if they need to generate a bounce, it will not be sent to an unrelated party.
