[Dshield] Weird from address
dshield at oitc.com
Sun Oct 16 23:12:57 GMT 2005
At 4:11 PM -0400 10/16/05, Valdis.Kletnieks at vt.edu wrote:
>The other is the RFC821 'MAIL FROM:', which is also known as the "envelope
>address". The name is somewhat of a misnomer, as it isn't where the mail is
>from, exactly. It's where a mail server is supposed to send bounces if the
Actually, originally it was the address of who was sending it when
RFC 821 was first written. Back in ARPANET days you just sat down
with telnet and typed HELO, MAIL FROM, RCPT TO, DATA and your
message. We've come a long way baby!
>Your bounce- address appears to be VERP'ed, which means that the destination
>address is encoded in the address to send the bounce to. This is because an
>amazing number of mail systems manage to generate bounces that don't
>have any useful
>mention of the address that actually bounced. But if the MAIL FROM
>then the sending site (getresponse.com) knows that it can toss *all*
>mail it gets
>to any bounce-* into the bounce processor, and it can break it down:
>bounce- - it's a bounce.
>514542- some code number indicating which list/mailing/etc this was from
>steve.d=abdb.com - change the = to an @ and you have the address
And its amazing how many "ethical" mailers generate VERP's for the
outbound but NEVER ever remove the addresses that bounce. We have an
old address that has been bouncing to 5 "ethical" mailers for 7 years!
>The RFC821 MAIL FROM: is often put into an RFC822 Returh-Path: header when it
>gets dropped into a final mailbox, so that user programs can use the value if
btw clear and well written discussion.
More information about the list