I can't vouch for what the actual security implications are, but similar
situation occured with the United States Postal Service. To save a meager
$.32, people would intentionall put bogus addresses on the envelopes
and/or afix improper postage. But, in the return address field, they
would put the intended recipients address. The USPS obviously caught on,
just like you did.

So, are the From: addresses addresses of people within your domain, or are
they trying to bounce mail off of you to another site?

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]