I have been receiving a fair amount of Spam from an e-mail forwarder. They are unwilling to correct their problems. Much of the Spam they forward is the form of bounce notifications. Attempting to reject other Spam resulted in more notifications. To control this Spam I implemented signed return path addresses. As a side benefit, I am also rejecting bogus notifications sent directly to me.
Signing my return path allows me to reject faked notification e-mail. The SMTP standard requires that no email sent with a null return path “<>” (aka Envelope Sender) be returned. Its purpose is for allow for notifications about existing messages. These includes notifications such as address unknown, message delivered, and message read. E-mail notification which are not about a previously sent message can be refused . Signing the return path allowed me to reject such invalid notifications. (more…)