It occurs to me that a site that was unwilling to handle policy rejections
during SMTP processing, and hence faced with the choice of returning DSNs
to a possibly forged "From" address or dropping them on the floor, does
have an intermediate choice. They could return the DSN via the connecting
host or the MX for that connecting host. That is, whatever the "From"
address, go back to the connecting host to deposit the DSN into the mail
stream. In many legitimate cases that host will accept mail for that
"From" address, it is very unlikely to accept forged mail unless it is an
open relay.
There is already a mechanism "source routing" as the basis for
implementation. RFCs still require the ability to process source routes
for servers, although it is no longer required for clients. In any case,
the connecting host doesn't actually have to do anything special. It just
sees the "mail rcpt" address and either accepts or rejects the message
depending upon its ability to deliver to that user.
It is interesting to contemplate how this would play out if a few major
players adopted it as a policy. I don't see any feasible response by
spammers - this doesn't really affect them, only legitimate mail. Note
that while a spammer could adopt forged "from" addresses that would be
accepted by his host, it wouldn't help him deliver any spam.
As I said, I don't consider this superior to rejection during SMTP
processing, but it is an interesting substitute.
Daniel Feenberg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg