In <20030406042307(_dot_)GC994(_at_)m1800> waltdnes(_at_)waltdnes(_dot_)org
writes:
Bounce messages are a relic from a kinder/gentler internet where
spammers didn't exist, and didn't forge innocent 3rd-parties' email
addresses into the "From:" or "Reply-To:" headers. Maybe it's time to
depracate bounce messages.
While I don't believe we can outright ban bounces, I do think it is a
very good idea to detect errors as early as possible.
The receiving MTA should always try hard to make the sending MTA
generate the bounce via the 5xx reject codes. It should also try to
verify that the MAIL FROM address is valid before it accepts the email
so that if a bounce has to be generated later, it can be. Exim can
verify not only the MAIL FROM, but also the From:, Reply-To: and
Sender: headers to try and cut down on bad bounces.
Something like the RMX or domain-specific DNSBL solution would also
help make sure that later bounces are not being sent to third party
spammer victims.
In theory, the sender MTA could and probably should also verify these
things. Again, the earlier the errors are detected, the better. Of
course, the receiving MTA probably can't trust that the sending MTA
will have done these checks, but checking them twice won't hurt.
-wayne
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg