On Wed, 2009-01-14 at 09:21 -0500, Paul Russell wrote:
After all, if the "MTA" from which you received the infected message
is
not innocent, perhaps not even a proper MTA, then rejecting the
message
is also pointless. The rejection will be ignored, and so the overall
effect will be the same as if it were accepted and discarded.
If I understand your position correctly, you want the receiving MTA to
issue a
5xx when the sender is a real mail server, but you want it to accept
and discard
the message when the sender is a bot. As has already been pointed
out, for
systems outside your control, you can only speculate as to their true
nature and
their likely reaction of a 5xx response. Why waste time trying to
discern the
true nature of the sender, and run the risk that you will discard
messages which
should have been rejected, because your analysis of the sender is
imperfect?
Just issue the 5xx and be done with it.
No, quite the reverse. If you have received an infected message from a
real MTA, then issuing a 5xx response might "do bad things". I.e. that
real MTA might send a DSN containing the infection to a forged returned
path.
What I said was that there was no point in sending a 5xx response to a
bot, since they will ignore it. (I suppose they might remove the
recipient address from their list, but I don't know if this actually
happens.)
So, I believe that sending 5xx to an innocent sender can be dangerous,
and sending 5xx to a bot is pointless.
The only problem with not sending 5xx (or not sending a DSN) could be
with false positives. However, I believe this is a very small problem,
at least for the majority of users, and the danger of using 5xx is
significantly greater.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg