<p dir="ltr">As said, potential spam reflector... Yuk.<br>
Good explanation Steve, thanks for that! </p>
<p dir="ltr">Cheers! <br>
-- <br>
-- Glenn </p>
<div class="gmail_quote">Den 9 mar 2015 12:26 skrev "Steve Freegard" <<a href="mailto:steve.freegard@fsl.com">steve.freegard@fsl.com</a>>:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 06/03/15 19:12, Denis Beauchemin wrote:<br>
<br>
> 2- it looks like emails to invalid addresses are handled correctly as you can see in the following email I received after sending from gmail:<br>
> <a href="http://smtpe2.usherbrooke.ca" target="_blank">smtpe2.usherbrooke.ca</a> rejected your message to the following email addresses:<br>
><br>
> toto@usherbrooke.quebec<br>
> The email address wasn't found at the destination domain. It might be misspelled or it might not exist any longer. Try retyping the address and resending the message.<br>
> If that doesn't work, contact the recipient (by phone or instant messaging, for example) to check that the address is correct. If the problem continues, forward this message to your email admin.<br>
><br>
> For Email Administrators<br>
> For more tips to help fix this issue, see DSN 5.1.1 Errors in Exchange Online and Office 365.<br>
><br>
> <a href="http://smtpe2.usherbrooke.ca" target="_blank">smtpe2.usherbrooke.ca</a> gave this error:<br>
> <toto@usherbrooke.quebec>... User unknown<br>
><br>
<br>
Unfortunately - that isn't really the 'proper' way. They're doing what<br>
I expected they'd do - they're accepting the message and bouncing it<br>
afterwards (instead of rejecting it outright at receipt and making the<br>
originating hop bounce it without it leaving their system).<br>
<br>
Basically - if a spammer decided to send mail to a bunch of old expired<br>
(or simply invalid) userbrooke.queuec addresses as recipients with a<br>
spoofed-but-valid return-path, then the poor owner of the spoofed<br>
address would get a load of backscatter in return (from Microsoft).<br>
<br>
Helpfully too - Microsoft attach the original mail to the bounce (I just<br>
tried it myself), so it could potentially be used as a crude way to make<br>
Microsoft send a load of spam (e.g. send the mail with a return-path of<br>
the victim and intentionally make the recipient invalid, then Microsoft<br>
will bounce the message to the victim with the spam payload attached).<br>
<br>
Kind regards,<br>
Steve.<br>
<br>
<br>
<br>
--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
</blockquote></div>