> A recent discussion on ietf-smtp has been addressing the question:
> "Do the must 'bounce' rules need to be relaxed for virus infected
> messages?"
> Would a relaxation of the 'must bounce' rule also help here?

Only if the message is verified as coming from outside the network you'd
be notifying. Bounces are a -good- thing.

> For the time being, the IETF should publish a BCP RFC recommending against
> bounce messages in response to viruses known to forge MAIL FROM. Other than
> that, I think the 'must bounce' specification is a good one, and provides
> great benefit in a world in which bounce is guaranteed to be directed to
> someone in a position to react to it.

Agreed.

> Specifically, if the domain in MAIL FROM cannot be forged, and a site
> receives an email-carried virus with a given domain in the MAIL FROM, I
> would imagine that most administrators would like to receive notice of the
> crap leaving their network.

Yes -- at the moment such messages are discarded fairly blindly.
However, if many domains were to implement an SPF-like system, I think
I'd pay more attention and actually go track down my users (for the
record, I'm the operator of a small ISP -- we have 400 or so customers,
with a 400:1 customer:tech support ratio) who are infected.
Ari