Cloud-based scanning

Steve Freegard steve.freegard at fsl.com
Mon Mar 9 10:56:56 GMT 2015


On 06/03/15 19:12, Denis Beauchemin wrote:

> 2- it looks like emails to invalid addresses are handled correctly as you can see in the following email I received after sending from gmail:
> smtpe2.usherbrooke.ca rejected your message to the following email addresses:
>
> toto at usherbrooke.quebec
> The email address wasn't found at the destination domain. It might be misspelled or it might not exist any longer. Try retyping the address and resending the message.
> If that doesn't work, contact the recipient (by phone or instant messaging, for example) to check that the address is correct. If the problem continues, forward this message to your email admin.
>
> For Email Administrators
> For more tips to help fix this issue, see DSN 5.1.1 Errors in Exchange Online and Office 365.
>
> smtpe2.usherbrooke.ca gave this error:
> <toto at usherbrooke.quebec>... User unknown
>

Unfortunately - that isn't really the 'proper' way. They're doing what 
I expected they'd do - they're accepting the message and bouncing it 
afterwards (instead of rejecting it outright at receipt and making the 
originating hop bounce it without it leaving their system).

Basically - if a spammer decided to send mail to a bunch of old expired 
(or simply invalid) usherbrooke.quebec addresses as recipients with a 
spoofed-but-valid return-path, then the poor owner of the spoofed 
address would get a load of backscatter in return (from Microsoft).

Helpfully too - Microsoft attach the original mail to the bounce (I just 
tried it myself), so it could potentially be used as a crude way to make 
Microsoft send a load of spam (e.g. send the mail with a return-path of 
the victim and intentionally make the recipient invalid, then Microsoft 
will bounce the message to the victim with the spam payload attached).

Kind regards,
Steve.
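
Added example (not part of the message above or of MailScanner): a small Python model of the two behaviours contrasted in the reply, refusing an unknown recipient during the SMTP session versus accepting the message and bouncing it afterwards. The addresses, the `VALID_RECIPIENTS` set and all function names are constructed for illustration; nothing here touches the network.

```python
# Added illustration: two ways a gateway can handle an unknown recipient.
# All addresses are constructed (example.* domains); no network I/O.
from dataclasses import dataclass
from typing import Optional

VALID_RECIPIENTS = {"alice@example.org"}  # constructed directory of real mailboxes


@dataclass
class Envelope:
    mail_from: str  # return-path claimed by the client (unverified, may be forged)
    rcpt_to: str
    body: str


@dataclass
class Result:
    smtp_reply: str              # what the connecting client sees in the session
    dsn_sent_to: Optional[str]   # where this gateway later sends a bounce, if anywhere
    dsn_includes_body: bool = False


def reject_at_rcpt(env: Envelope) -> Result:
    """Validate the recipient during the SMTP session and refuse unknown users."""
    if env.rcpt_to not in VALID_RECIPIENTS:
        # The message never enters the queue, so this gateway emits no bounce.
        # Any notification is the connecting hop's job, toward its own sender.
        return Result("550 5.1.1 User unknown", None)
    return Result("250 2.1.5 Ok", None)


def accept_then_bounce(env: Envelope) -> Result:
    """Accept everything, discover the bad recipient later, then send a DSN."""
    if env.rcpt_to not in VALID_RECIPIENTS:
        # The DSN goes to the envelope sender, which nobody verified.
        return Result("250 2.0.0 Queued", env.mail_from, dsn_includes_body=True)
    return Result("250 2.0.0 Queued", None)


def backscatter_count(policy, envelopes, bystander: str) -> int:
    """Number of bounces the gateway sends to an address that sent nothing."""
    return sum(1 for e in envelopes if policy(e).dsn_sent_to == bystander)


# Constructed sample: three messages with a forged return-path, one legitimate.
SAMPLE = [Envelope("bystander@example.net", f"old{i}@example.org", "junk")
          for i in range(3)]
SAMPLE.append(Envelope("bob@example.com", "alice@example.org", "hello"))
```

With recipient validation at RCPT time the gateway generates no bounce of its own, so the forged return-path receives nothing from it.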




