On Mon, 21 Dec 1998, Robert Tarrall wrote:
[...] A user dialed into ATT, sent thousands of emails to aol.com users, with a forged return-address of youarecool@mailme.com, which AOL bounces back to youarecool@mailme.com, which is a domain I own.
Relaying on my machines has no bearing on this.
Someone did this to me about six months ago, and yes, there's nothing you can do to prevent the bounces from coming your way. I used sendmail 8.9.1's access feature to cause *me* to bounce mail sent to the forged from address with code: 550 No such user; forged header address used by spammers It didn't help me in the AOL case; they don't appear to be watching for double-bounces. It did help with recipients who tried to reply to the forged from address. Stephen