Did you know that if a spammer uses your email address as the FROM: address, which is easy to do, all the bounce messages will go to your email address? If the spammer really hates you, they will send millions of emails with your FROM: address and you will get a million bounce messages.
Can you stop this or prevent this? No
Why would a mail provider send you a bounce message, knowing you’re innocent? Because that’s how someone wrote the protocol back then, and nobody changes it or does it differently because … reasons.
Does the spammer get a bounce message? Nope, not one.
Does the SMTP sending account owner whose credentials were stolen be notified about bounces so they can stop the spam? Nope.
Just millions of emails sent every day to poor schlameels who have no idea why they are getting them and who can’t do anything about them.
The more I learn about the email protocols, the more I realize how terrible the design is.
#emailsecurity #spoofing #cybersecurity #spam
Most people these days filter while the SMTP session is still open. Reject while session is open and the actual sender gets the rejection.
Forged reply-to only works when the session is closed and you accept the email then decide to bounce it.
@kalpol@lemm.ee No idea what you are saying here. But, you can argue with Google: https://support.google.com/mail/thread/209018675/my-sent-email-box-is-filling-up-with-bounce-emails-and-emails-i-did-not-send-my-inbox-is-fine?hl=en
I’m saying this is the fault of people running badly configured mail servers. If you filter and bounce during the SMTP session instead of afterward, you won’t be emailing bounces to the forged reply-to address. Same as having an open relay. Just fix your junk if you run a mail server.