Folks,
I think this discussion is leading to the following as far as
2821bis is concerned...
(1) A slightly broadened statement to the effect that
rejection of mail without notification on a policy basis
is permitted, but should be used with extreme caution
given the long tradition and community expectations that
mail is either delivered or returned.
(2) An observation that it may be a rational policy to
not deliver mail that has an invalid return address,
although the history of the network is that users are
typically better served by delivering any message that
can be delivered. That observation should also note
that reliably determining that a return address is
invalid can be a difficult and time-consuming process,
especially if the putative sending system is not
directly accessible or doesn't fully and accurately
support VRFY.
(3) A comment in the "timeouts" section that it may be
appropriate to establish a shorter expiration on the
requeue and retry period for an NDN than for normal
message traffic. E.g., if a particular system is
configured to retry normal outgoing messages for up to
four days, it might sensibly be configured to give on
trying to transmit bounce messages after only one or two.
(4) A suggestion that, if a message is rejected because
it is found to contain hostile content, bounce/rejection
messages should be sent only if the receiving/targeted
site is fairly sure those messages will be usefully
delivered. I.e., the preference/ default is to _not_
send out NDNs for that type of message.
Text for any of those comments would be welcome, as would
further discussion if I've gotten it wrong.
Beyond that, I think the discussion in this thread has turned
into yet another discussion of best operational practices under
various circumstances, and not really about SMTP. I note in
particular that, in the model of 2821 and its predecessors, the
SMTP definition stops when a message is delivered to a message
store or an intermediate for that store. So, if the model
transaction is any of
MAIL FROM, then reject
RCPT TO, then reject
DATA, then reject
Accept data, then bounce
then language in 2821 applies. But, it is is
Accept data, deliver to mail store or pre-store virus scanner
Then what you do with that message is not an SMTP problem. As
far as SMTP is concerned, it has been accepted and delivered.
Now, I think a "best practices" for what to do in the latter
case, and especially what to do if the mail is determined to be
faked or hostile, is entirely in order. But it isn't part of
2821. I hope that anyone who wants such a document will produce
an I-D on which serious examination is possible, rather than
engaging in continuing back-and-forth sniping on this mailing
list.
john