Re: [Asrg] where the message originated



Rich Kulawiec wrote:
> On Mon, Jan 12, 2009 at 12:42:59PM -0500, der Mouse wrote:
>
>> - Malware goes out, addressed to A, (forged) envelope-from B.  Sending
>>    channel ends up emitting it from a normal MTA, M.
>>
>> - A's MX host rejects it at SMTP time.
>>
>> - M generates and sends a bounce to B.
>>
>> - B receives bounce with embedded malware.  Somehow - perhaps B's MUA
>>    aggressively looks for and executes live content; perhaps B clicks
>>    on the wrong thing; perhaps something else - this ends up with a
>>    malware infestation on B's machine.  (Cue xkcd #350.)
>>
>> If A's MX host had silently swallowed the mail, nothing would have
>> happened to B - or, at least, not on account of this message.
>
> Ah, gotcha.  I agree that silently swallowing the message might have
> spared B a possible infection, but I'm reluctant to blame A's MX for
> this: it didn't originate, accept or transfer the malware-laden message.

A's MX knows that M lacks effective anti-virus filtering. Hence, through inaction, it allowed a human being to come to harm. That obviously breaks the first law.

_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg
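
Added example, not part of the thread and not code from any of the posters: a check B's side could run on incoming bounces in the flow described above, flagging a bounce whose embedded copy of the returned mail carries an executable-looking attachment. The extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
# Added example; sample messages are constructed, all names are hypothetical.
from email import message_from_string, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat")   # illustrative, not exhaustive
RISKY_TYPES = {"application/x-msdownload"}

def is_bounce(msg):
    """Real DSNs are multipart/report (RFC 3464); bounces also carry the null sender."""
    return (msg.get_content_type() == "multipart/report"
            or msg.get("Return-Path", "").strip() == "<>")

def live_parts(msg):
    """List (content_type, filename) for parts a MUA or user might run.
    walk() descends into the message/rfc822 part holding the returned mail."""
    hits = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() in RISKY_TYPES or name.endswith(RISKY_EXT):
            hits.append((part.get_content_type(), name))
    return hits

def triage(raw):
    """Classify one raw message: not-bounce, deliver, or quarantine."""
    msg = message_from_string(raw, policy=policy.default)
    if not is_bounce(msg):
        return "not-bounce"
    return "quarantine" if live_parts(msg) else "deliver"

def sample_bounce(with_attachment):
    """Constructed bounce from M to B embedding the mail forged as coming from B."""
    orig = EmailMessage()
    orig["From"], orig["To"] = "b@example.org", "a@example.net"
    orig.set_content("see attached")
    if with_attachment:
        orig.add_attachment(b"MZ", maintype="application",
                            subtype="octet-stream", filename="invoice.exe")
    bounce = EmailMessage()
    bounce["Return-Path"] = "<>"
    bounce["From"], bounce["To"] = "MAILER-DAEMON@m.example", "b@example.org"
    bounce.set_content("Delivery to a@example.net failed: rejected at SMTP time")
    bounce.add_attachment(orig)
    return bounce.as_string()

if __name__ == "__main__":
    print(triage(sample_bounce(True)), triage(sample_bounce(False)))
```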