I think the RFCs need to 'relax' the requirement for notice of
non delivery so as to reflect the new 'current best practices'
for handling virus infected messages and other messages with
forged 'return path' information.
No, let's not.
Then we have 2 alternatives, each even more ugly:
False positives are the difficulty.
The essense of the original proposal would be this wording:
If a MAIL FROM address is known to be forged, a bounce MUST
NOT be sent to that forged address.
I suppose we could leave "is known to be forged" as an exercise
for the reader. Perhaps antivirus companies can make their
own determination based on viruses that propagate themselves
and fake the MAIL FROM address, and spam detectors might
make their determination using SPF (or its relatives).