On Wed, Aug 31, 2011, m.roth@5-cent.us wrote:
Here's a thought I just thunk, folks: some scum, apparently in eastern Europe, has harvested my email, and is using it in the Reply-To: in its spamming efforts. Now, I realize that some mails go out from noreply, but other than that, is there a good reason why a mailserver would not be configured to send delivery failure to *both* Reply-To and From?
This type of forging is generally referred to as a "Joe Job", and may be a conscious effort to impair the reputation of the forged sender or domain or perhaps an attempt to flood the mailboxes of antispammers (e.g. mail forged like abuse@antispam.example.com).
Sending spam complaints to these addresses or to their ISPs is generally a waste of time and effort as the forged sender has nothing to do with the message as any cursory examination of the Received: headers in the message will confirm. The spam complaints are in themselves a type of abuse, and are referred to as "Blowback". Sometimes these complaints are the result of ignorance when they are manual complaints, or incompetence (e.g. early Barracuda e-mail appliances that did this by default).
Configuring an MTA to bounce to the Reply-To: header is probably worse than useless as it could well flood poorly configured mailing lists with garbage when spam gets through the lists spam filters, then the complaints go back to the mailing list.
Probably the best thing to do with this kind of delivery failure message which come in is to ignore them unless you feel like Don Quixote and like tilting at windmills.
Bill