[Mimedefang] How to change envelope sender?

[kd6lvw at yahoo.com]

--- On Fri, 5/3/13, Les Mikesell <lesmikesell at gmail.com> wrote:
> Tilman Schmidt <t.schmidt at phoenixsoftware.de> wrote:
> > Backscatter OTOH is a nuisance, which should be minimized ...
> 
> The problem case is where a spammer discovers that sending to an
> address will generate a bounce and sends with forged 'from' addresses
> that are intended as the eventual targets.   So there is potential for
> damage, but it doesn't necessarily override the responsibility to
> deliver or report failures.

The above is not only a backscatter problem but the fundamental flaw in challenge-response systems (because to be useful, the challenge message must quote some part of the message under challenge -- even if it's just the subject line).

Backscatter for the most part is not a problem because it has a simple solution:  Message source authentication, with varying implementations and degrees of success - SPF, DKIM, MTX, PGP-signatures, etc.  Only the uneducated and/or inept mail administrators let backscatter happen today by failing to implement at least one (if not all of these).  Widespread adoption of solutions is the problem.