[Top] [All Lists]

Re: Do the must 'bounce' rules need to be relaxed for virus infected messages?

2004-03-24 20:31:07

In <59A5A8E4-7D2F-11D8-BA10-000393DB5366(_at_)cs(_dot_)utk(_dot_)edu> Keith 
Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:

for instance, I don't think it would be acceptable to silently drop
messages on the basis of an SPF record, because the problem could
actually be a configuration error rather than malice or deceit.

The intent of SPF is that you *wouldn't* silently drop email on a
failure, but rather issue an SMTP 5xx rejection (or 4xx on DNS

The intent of SPF is that, if the check passes, you can safely send
bounces to the envelope-from.  SPF is also designed to be light-weight
enough to be run in the MTA in most cases, and flexible enough so that
you can do a certain amount of per-user validation if you want.

I really don't want to see the must bounce rule relaxed.  There are
already too many times that spam-filters silently discard legitimate
email, it would be nice if more of that email could be safely bounced.


<Prev in Thread] Current Thread [Next in Thread>