First off, there is nothing that requires you to copy
anything into the
bounce.
Providing that you are willing to accept the original email
LOST. Bounces are done to:
In this case it would suffice to notify the purported sender that
a message from them failed validation. It is not necessary to
quote any of the text of the message.
Secondly if it is an automatic process your liability would
be no greater
than it would be following original SMTP.
Wrong. When you bounce it now knowing the validity of the
bounce recipient has you have less
liability then if you bounce it KNOWING that the bounce
recipient is invalid.
One way that the spec could be improved would be to state that the
sender SHOULD notify the purported sender without mandating the
use of a particular mechanism, specify bounces as the fallback
mechanism.
At some point we need a better mechanism for reporting failures
of all kinds. Something that is authenticated and out of band.
That may be sufficient for some to believe, but "ignorance is
no excuse" has been the big stick that
many courts have wielded time and again.
Ignorance of the law is no excuse. Absence of intent or knowledge
on the other hand is one of the strongest defenses possible in
almost all cases.
Look up Mens Rea.