From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from albireo.enyo.de (albireo.enyo.de [37.24.231.21]) by sourceware.org (Postfix) with ESMTPS id BFE25385BF9F; Sun, 22 Mar 2020 13:30:25 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org BFE25385BF9F Received: from [172.17.203.2] (helo=deneb.enyo.de) by albireo.enyo.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1jG0gI-0005hU-0m; Sun, 22 Mar 2020 13:30:22 +0000 Received: from fw by deneb.enyo.de with local (Exim 4.92) (envelope-from ) id 1jG0ey-0005Z4-U5; Sun, 22 Mar 2020 14:29:00 +0100 From: Florian Weimer To: "Maciej W. Rozycki" Cc: "Frank Ch. Eigler" , overseers@gcc.gnu.org, gcc mailing list , Overseers mailing list , Thomas Koenig Subject: Re: Spam, bounces and gcc list removal References: <82e9a365-63b1-93f6-9860-86f219e191be@netcologne.de> <20200321202941.GA15063@redhat.com> <87k13c4v5m.fsf@mid.deneb.enyo.de> Date: Sun, 22 Mar 2020 14:29:00 +0100 In-Reply-To: (Maciej W. Rozycki's message of "Sun, 22 Mar 2020 13:24:03 +0000 (GMT)") Message-ID: <8736a04ixv.fsf@mid.deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-11.8 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: overseers@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Overseers mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Mar 2020 13:30:27 -0000 * Maciej W. Rozycki: > On Sun, 22 Mar 2020, Florian Weimer wrote: > >> > Spam bouncing is evil and often hits an innocent person whose address has >> > been faked by the sender of spam, making the source of bounces not better >> > than the originator. >> >> I expect this to be an SMTP-level rejection, not a bounce. sourceware >> generates a bounce from that, and Mailman reacts to that. But the >> target mail server does not generate a bounce. So your concern about >> bad ISP behavior does not apply here. > > You mean as with a failure response given to the SMTP DATA command? > This is actually equally evil as the resulting bounce (i.e. a delivery > failure notification, or a flood of them, once other MTAs have joined in a > response to a mass mailing; that is exactly what I suffered from a few > years ago) will hit whoever's fake envelope sender address has been given > with the MAIL FROM command. You don't expect a real one with spam, do > you? No, this is not what happens (unless an open SMTP relay is involved, which is a different kind of problem). The error result from the DATA command is either observed directly by the spamming software (which does not generate a bounce message), or by some mail relay at an ISP. These relays check the envelope sender address before accepting a message for relaying, so if they need to generate a bounce, it will not be sent to an unrelated party.