--On Tuesday, 23 March, 2004 17:54 -0500 Keith Moore
False positives are the difficulty.
The essence of the original proposal would be this wording:
If a MAIL FROM address is known to be forged, a bounce MUST
NOT be sent to that forged address.
well, I'd probably say SHOULD NOT, but I think that's the
I suppose we could leave "is known to be forged" as an
exercise for the reader.
I have doubts about that. I've seen too many bogus spam
detection algorithms. I don't want to encourage silent
discarding of mail based on bogus criteria. and it's very
difficult to define what reasonable criteria would be.
This is where I start wondering about modifying standards. If
we are in a state in which we want to say (I know I'm changing
this a bit, but maybe this form will reinforce the point)...
* You SHOULD (or MUST) not try to send a bounce message
if the Return-path can be positively identified as
* We don't know of, and certainly aren't ready to
standardize, any way to tell how to make that
The combination of the two makes the first nearly a no-op.
--On Tuesday, 23 March, 2004 15:09 -0800 Daryl Odnert
Perhaps it would be appropriate to add some language to
section 3.7, where the requirement to send an "undeliverable
mail" notification message is described. I'm thinking about
something like this:
An SMTP server MAY decide not to send the "undeliverable
mail" notification message when it can determined that the
original message had malicious or deceitful intent.
Determination of such intent is beyond the scope of this
This would be an accurate reflection of what many servers are
This seems much closer to what I think would be appropriate,
although I'd prefer, e.g., to see "be accurately" or "be
positively" in front of "determined".
How do others feel about that change?