ietf-smtp
[Top] [All Lists]

Re: Bounce/System Notification Address Verification

2005-06-30 11:12:23

On Thu June 30 2005 11:02, Tony Finch wrote:

On Thu, 30 Jun 2005, Bruce Lilly wrote:

Not necessarily; for better or worse, a number of sites use multiple
MTA relays within their own administrative domain, and aliasing
expansion might well occur at a separate upstream host from the one
effecting actual delivery.  There is nothing particulary
non-compliant about such a configuration, though it does have the
characteristic of forcing a bounce where a single-host arrangement
might be able to return an SMTO 5xx reply code

There's nothing to prevent the front-end MX hosts in such a setup from
having access to the list of valid users,

I suppose so, but then there's not much purpose in having such a split
setup.  My point, perhaps not clearly expressed, is that there are
split setups that do expansion and validation downstream from the MX
host(s), and that such a setup does tend to send bounces rather than
5xx reply codes.  Even that's not strictly necessary, as the MX could
start a lock-step relay during RCPT TO rather than store-and-forward,
but I don't know of any such split setups that work that way.

so it doesn't "force" 
accept-and-bounce instead of reject.

The point is that store-and-forward implies accept-and-bounce (except
of course for a null reverse path).

What, you might ask, are the implications?  For one, it means collateral
damage caused by such systems accepting joe-job spam then bouncing to
the joe-job victim when the downstream host finally determines that
there's no such recipient.  If you've received any such bounces, you
may know that such system configurations are not uncommon.  For CBV, it
means that acceptance by such a system's MX host doesn't mean diddly.
And one generally can't tell from the outside if such a configuration
is in use unless and until one analyzes a joe-job bounce from there.
A secondary implication is that a CBV rejection from such a system
probably means more about the CBV initiator than mailbox validity,
and initiating a CBV session with such a host won't tell one much,
unless perhaps one is trying to find bugs in one's less-than-100%
compliant systems.


<Prev in Thread] Current Thread [Next in Thread>