From = to

Alan Fiebig mailscanner at ELKNET.NET
Fri Jul 18 21:57:50 IST 2003


I searched the archives, but didn't find an answer, so I'm trying here.
Thanks in advance for any help :)

We see a number of spams coming in where the 'From:' address has been set by the spammer to be the same as the 'To:' address.
When MS detects these, a bounce message typically consisting of the 'Sender Spamassassin Report', it sends the bounce message to the spam's 'From:' address. As the 'From:' was forged to be the same as the intended recepient of the spam, its that poor recepient who gets the bounce message.

They quickly in turn email us screaming "I didn't send out that spam, especially not to myself!"

So, what I'm looking for is some means of bypassing the 'bounce' action anytime the 'From:' or the 'Rely to:' is the same as the 'To:' address.

Any ideas?

-Alan



More information about the MailScanner mailing list