On Sat, Jun 28, 2008 at 01:12:39PM -0700, Matthew Petach wrote:
Those two statements of yours directly contraindicate each other.
No, they don't. Outbound relays (which are presumably used by client systems presenting appropriate authentication) know the identity of user presenting credentials. They can thus return a NDN (or similar) to that user, i.e., there's no concern about outscatter. But worth noting is that this works *because* the mail is being submitted with user authentication -- it won't work for a relay that doesn't do that. That's a very different situation from case where the same outbound relay is talking to a random mail server elsewhere on the 'net. Attempts by such random mail servers to "return" bounces to their origin (from when they never came) are outscatter, which is why rejects are much preferred. (Yes, I'm aware of various mail authentication proposals. Whatever they are/aren't, they're not the right solution to this specific problem: the solution is to always reject, never bounce.) ---Rsk