[Mimedefang] How to change envelope sender?

Les Mikesell lesmikesell at gmail.com
Tue May 7 16:24:55 EDT 2013

On Mon, May 6, 2013 at 7:12 PM,  <kd6lvw at yahoo.com> wrote:
>> So, you can pass your knowledge on to the recipient, leaving the
>> disposition up to them.   For example, I think google is probably as
>> good as anyone at that sort of bulk-discovery, and yet I regularly
>> find things they've tossed in the spam folder that are not spam.   Why
>> do you think you have less false positives then they do?
> 1)  Not always.  For example, with a dictionary attack, for most of the attempts, there will be no valid user to pass on such information, and it's pretty obvious that when such an attack does hit a valid mailbox, that recipient should NOT get malicious message at all.

I'm not sure "pretty obvious" is the same as never having false positives, but..

> 2)  Because I'm not a target of spammers like Google is.
> Passing on a message to the user means accepting responsibility for it, which in turn implies to the spammer that the mailbox was valid (and it usually is or is a spamtrap).  Such messages cannot be rejected during the SMTP transaction (because one is accepting them to let the user
determine its maliciousness).

Delivering a message or rejecting with as appropriate a message for
the sender as possible is a mailer's "responsibility".  Passing
various levels of judgement on the content is an optional feature.

> Under your theory, an MTA should pass on messages containing e-mail virii too, so the user can determine it (or get infected for the not-so-savvy users).  This latter point I clearly disagree with.

This sort-of depends on the level of confidence you have in your
scanning tools.  I don't think anyone wants to receive virii, although
an end user should have equal quality antivirus protection anyway. In
any case if you reject with an appropriate reason you have fulfilled a
mailer's obligations.

   Les Mikesell
     lesmikesell at gmail.com

More information about the MIMEDefang mailing list