Regarding generation of bounces vs. rejecting mail at SMTP time, John
Glube raises a number of issues:
* Your position presumes wide spread implementation of
Submitter, allowing for extraction of the PRD at the data
stage.
No. SUBMITTER allows you to reject the message at MAIL command time.
Without SUMBMITTER, you can extract the PRD during receipt of the
message, and reject the message and end-of-data time.
* Until this happens, as Sender-ID is presently drafted,
the receiving MTA has to 'swallow' the message and extract
the PRA from the headers. As has been previously stated
this leads to a greater risk of false positives.
Without SUBMITTER, the receiving MTA has to receive the message,
but does not need to accept it. The risk of false positives is
identical whether SUBMITTER is used or not. SUBMITTER merely
lets the receiver do the test earlier, saving bandwidth for
both sender and receiver if the message is destined for refusal.
* Sender-ID does not call for SMTP mail from checks at the
DATA stage in the absence of PRA. If you are suggesting
either amending Sender-ID or preparing a BCP document to
suggest that receivers do carry out SMTP mail from checks
at the DATA stage in the absence of PRA, I would whole
heartedly support this.
I'm not sure what you mean by "the absence of PRA". If you mean
"the absence of SUBMITTER", then the current docs certainly
contemplate this. They even tell you what message to use
when rejecting mail. (If you mean something else, I'm afraid I
completely missed your point.)
(lots more words arguing that most spam is sent by zombies.)
Yes, it is. But the zombies tend to run specialized spam engines,
not real MTAs. And they don't generally send the mail through
the zombied machine's ISP's MTA, they send it directly to the
recipient.
-- Jim Lyon