again, the goal here is to avoid being used to transmit spam or viruses.
Given that DSNs can already be used for this purpose (you almost always
want to include the entire original message in a bounce because otherwise
it may be lost), are we really gaining much by preventing autoresponders
from being used for that?
1. autoresponders are inherently more varied than DSNs. DSNs specify
with a fair degree of precision the format of the response, and the
conditions under which it gets sent.
2. the world has changed a bit since the DSN spec was written. if the
DSN spec were being written today I might want a similar provision
for limiting the amount of content returned. and it wouldn't
bother me for the revised DSN spec to say that DSNs should somehow limit
the amount of the subject message that is returned.
This strikes me as a flaw inherent in the nature of e-mail bounces.
I once got called in as a consultant for a bank that was using a piece
of software, whose auto-responder would respond with only a brief
annotation, and include the entire subject message in the response. (it
also copied everyone in the to and cc fields)
Copying everyone in the To and Cc fields is obviously wrong.
There were so many things wrong with that setup that fixing only one or
two of them would not have solved the problem.