On Sat, Feb 20, 2010 at 12:53 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Sat, 20 Feb 2010 11:36:37 EST, William Herrin said:
They didn't exactly fix it. What they did is reinforce the importance of generating a bounce message by keeping the existing "must" language from 2821 but adding:
"A server MAY attempt to verify the return path before using its address for delivery notifications"
OK, let's run with that. It is *permitted* to check the address for validity before bouncing to it.
Either way, you shouldn't be bouncing spam.
They also added this text in section 6.2
Conversely, if a message is rejected because it is found to contain hostile content (a decision that is outside the scope of an SMTP server as defined in this document), rejection ("bounce") messages SHOULD NOT be sent unless the receiving site is confident that those messages will be usefully delivered. The preference and default in these cases is to avoid sending non-delivery messages when the incoming message is determined to contain hostile content.
Two paragraphs up it says, "silent dropping of messages should be considered only in those cases where there is very high confidence that the messages are seriously fraudulent or otherwise inappropriate." I don't know what your spam intake looks like but in mine, 5% to 10% can't be ranked "high confidence" until checked by an eyeball mark 1. In my system, that fraction is a candidate for a bounce... unless your SPF records have told me that the message has a forged sender. I honor whatever instructions you've made the effort to give me via the sender policy framework. That's the part that really galls me. Instructing my system not to bounce questionable messages related to yours is entirely within your control. You don't even have to know I exist; you just put a simple well-standardized line in your DNS. The instruction you choose to offer, I'll do all the processing necessary to honor it. But a few folks who complain about backscatter would rather whine about it and exhort me to break with the letter and spirit of the smtp standards than architect their own mail systems in a manner compatible with suppressing backscatter from others. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004