Message-ID: <3FF70458-7F12-11D8-B3B1-000A95AC67AA(_at_)messagelabs(_dot_)com>
From: Matt Sergeant <msergeant(_at_)messagelabs(_dot_)com>
References:
<iSx%b(_dot_)9306817$Id(_dot_)1551391(_at_)news(_dot_)easynews(_dot_)com>
<slrnc3v7e3(_dot_)duj(_dot_)angel+news(_at_)pearlgates(_dot_)xs4all(_dot_)nl>
<1lS%b(_dot_)9384471$Id(_dot_)1564181(_at_)news(_dot_)easynews(_dot_)com>
<4f9d3d24(_dot_)0402281610(_dot_)7c07a0ba(_at_)posting(_dot_)google(_dot_)com>
<Su35c(_dot_)10604673$Id(_dot_)1776882(_at_)news(_dot_)easynews(_dot_)com>
<u46h50p0uk4j0hnnrdlbc4791olgobstqc(_at_)4ax(_dot_)com>
<%mY7c(_dot_)11457779$Of(_dot_)1923976(_at_)news(_dot_)easynews(_dot_)com>
<10639d0ctsu9f56(_at_)corp(_dot_)supernews(_dot_)com>
<mm9360dk26ulv63e42qdkptlmf0guuc7mt(_at_)4ax(_dot_)com>
<OF27731279(_dot_)C1F43F2E-ON86256E62(_dot_)000D6E4A(_at_)lsu(_dot_)edu>
Matt said:
On 25 Mar 2004, at 02:26, bz wrote:
Aredridel <aredridel(_at_)nbtsc(_dot_)org> said:
Directing bounces is the most difficult part of such an exchange,
since
SMTP specifies that the MAIL FROM is also the place where bounces
should
go to, leaving no application protocol level source of identity data.
The only solution is to have the originating system relay bounces to
the
appropriate destination as a separate transaction, instead of
short-circuiting and going straight to the unverifiable sender
address.
a recent discussion on ietf-smtp has been addressing the question:
"Do the must 'bounce' rules need to be relaxed for virus infected
messages?"
Would a relaxation of the 'must bounce' rule also help here?
No. I think a lot of the time the "must bounce" rule is being invalidly
applied with virus notifications. The question comes down to: does
quarantining an email mean it has failed to be delivered? Most systems
quarantine rather than drop, yet they still send a notification.
A BCP would be a good idea though.
Unfortunately, as the RFCs are written, there is little wiggle room.
And, in my experience, at least at this university, virus infected messages
are NOT quarantined. Why waste hard drive space storing proven garbage?
I agree that a BCP would be a good idea.
I think that the next revision of the SMTP RFC should ALSO reflect BCP by
allowing some exceptions to the 'must bounce' rule.
--
bz
please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.
bz+ietf(_at_)chem(_dot_)lsu(_dot_)edu