Harry Katz wrote:
[snip prior messages]
Rejecting a message at MAIL FROM or at end of DATA are equally effective
mechanisms for ensuring that bounce messages get generated. RFC2821
MAIL FROM offers no advantage in that regard.
They're equally effective when you can do it online, in real time. If you
have to bounce a message later, then you risk generating a bounce
originating at *your MTA* that goes to a forged address. This is very
undesirable, and the recipient of that bounce could justifiably claim that
you spammed them.
Please note I'm not suggesting that performing checks on the RFC2821
MAIL FROM is entirely useless and should be stopped. On the contrary,
there are a number of very useful things that can be done here such as
allow/deny lists, etc. By all means let's continue doing those things
and if we can reject the message with a 4xx or 5xx code at that point,
great!
What I am saying is that for the purposes of this discussion under the
MARID charter, MAIL FROM doesn't add any information not already
available in the 2822 headers. That's why we dropped it from Caller ID.
MAIL FROM validation does add something during the conversation between 2
MTAs. It adds information that is *always* available *before* you have the
2822 headers in hand.
Philip Miller