It is standard to do that at the end of DATA. And it is best to do it there
than later. Whoever is connecting is told "no", rather than sending an NDR to
the "mail from" which is likely to be forged.
Sync NDR are better than async NDR.
----- Original Message -----
From: "John Levine" <johnl(_at_)taugh(_dot_)com>
To: asrg(_at_)irtf(_dot_)org
Sent: Friday, 16 January, 2009 11:46:06 PM (GMT+1200) Auto-Detected
Subject: Re: [Asrg] enough about backscatter
So, just to clarify, you are saying that the view of ASRG is that if an
MTA receives a message which when checked using anti-virus software such
as Sophos or ClamAV (note this, my discussion was not about other
anti-spam techniques) give a positive, the correct course of action is
to reject the message using a 5xx response?
That seems to be the consensus here, yes.
My MTA does rejects on anything that has an attached EXE file, and I don't
ever recall getting any complaints about backscatter.
R's,
John
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg