[CentOS] dealing with spoofing

Wed Aug 31 20:21:46 UTC 2011
Josh Miller <joshua at itsecureadmin.com>

On 08/31/2011 01:16 PM, m.roth at 5-cent.us wrote:
> Here's a thought I just thunk, folks: some scum, apparently in eastern
> Europe, has harvested my email, and is using it in the Reply-To: in its
> spamming efforts. Now, I realize that some mails go out from noreply, but
> other than that, is there a good reason why a mailserver would not be
> configured to send delivery failure to *both* Reply-To and From?

There are two parts to an email that relate to routing; envelope header 
and email header.  The only consideration given to routing is the 
envelope header which has sender and recipient, nothing else.

Reply-To is part of the email header and is there for the email client 
to use.

(See RFCs 2821, 2822.)

HTH,
-- 
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/