this post was submitted on 26 Apr 2025
43 points (100.0% liked)

Cybersecurity


Did you know that if a spammer uses your email address as the FROM: address, which is easy to do, all the bounce messages will go to your email address? If the spammer really hates you, they will send millions of emails with your FROM: address and you will get a million bounce messages.

Can you stop this or prevent this? No.

Why would a mail provider send you a bounce message, knowing you're innocent? Because that's how someone wrote the protocol back then, and nobody changes it or does it differently because ... reasons.

Does the spammer get a bounce message? Nope, not one.

Is the SMTP sending account owner whose credentials were stolen notified about bounces so they can stop the spam? Nope.

Just millions of emails sent every day to poor schlemiels who have no idea why they are getting them and who can't do anything about them.

The more I learn about the email protocols, the more I realize how terrible the design is.

#emailsecurity #spoofing #cybersecurity #spam

[–] lautreg@pouet.chapril.org 5 points 2 days ago (2 children)

@Jerry@hear-me.social
There are 2 mechanisms against this.

  • SPF
  • Signature with DKIM

Your provider should check these.
Many providers don't accept email if one is missing or wrong, or flag these emails as spam.
[–] Jerry@hear-me.social 2 points 2 days ago* (last edited 2 days ago) (1 children)

@lautreg SPF and DKIM are only used by the destination IMAP or POP3 servers to see what to do when they receive the email. In this case they reject it.

The delivery failure message is coming from the sending server as a courtesy message to the sender to let them know their email was not delivered. The protocol is to tell the FROM: address that the email could not be delivered. The SMTP, sending server, doesn't look at SPF, DKIM or DMARC or any DNS records or any other configuration related to it. It simply tells you the millions of emails sent with your FROM: address could not be delivered, one by one.

People keep bringing up SPF, DKIM, and DMARC, but it's not relevant to this problem.

[–] lautreg@pouet.chapril.org 2 points 1 day ago

@Jerry@hear-me.social
Oh yes.
I can't check, but I think there is a setting to refuse the connection with the sender server if SPF doesn't match.
Like the policy in the DMARC?

Or, in spamd/spamassassin, to just drop the incoming email in this case?

(I'm on phone, I may write more wrongly than usual)
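
Added example, not written by anyone in this thread: a Python check that a mailbox owner could run over the bounce messages described in the original post, parsing each delivery status notification (RFC 3464 `multipart/report`) and flagging it as backscatter when the quoted original message carries a Message-ID that their own mail system never issued. The `OUR_MSGID_DOMAINS` set, the function name and the sample bounce are constructed assumptions, and the Message-ID comparison is a triage heuristic, not a protocol guarantee.

```python
import email
from email import policy

# Assumption: hosts that generate Message-IDs for mail we really send.
OUR_MSGID_DOMAINS = {"mail.example.org"}

# Constructed sample bounce (trimmed to the machine-readable parts).
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.remote.example
To: victim@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.remote.example

Final-Recipient: rfc822; nobody@remote.example
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: victim@example.org
Message-ID: <123@spam-host.invalid>
--b1--
"""

def classify_bounce(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    out = {"is_dsn": False, "recipient": None, "status": None, "backscatter": None}
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type", "").lower() != "delivery-status"):
        return out                                # not a machine-readable bounce
    out["is_dsn"] = True
    orig = None
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():      # header blocks, one per recipient
                if block.get("Final-Recipient"):
                    out["recipient"] = str(block["Final-Recipient"]).split(";")[-1].strip()
                    out["status"] = str(block.get("Status", "")).strip()
        elif ctype == "message/rfc822":           # full original message attached
            orig = part.get_payload(0)
        elif ctype == "text/rfc822-headers":      # only the original headers attached
            orig = email.message_from_string(part.get_content(), policy=policy.default)
    msgid = str(orig.get("Message-ID", "")) if orig is not None else ""
    if "@" in msgid:                              # None stays when nothing is quoted
        domain = msgid.strip().strip("<>").rpartition("@")[2].lower()
        out["backscatter"] = domain not in OUR_MSGID_DOMAINS
    return out
```

A result of `backscatter: None` means the bounce quoted no original Message-ID, so it has to be judged by other means.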