John Levine writes:
In article <cone(_dot_)1587934924(_dot_)981704(_dot_)31890(_dot_)1004(_at_)monster(_dot_)email-scan(_dot_)com> you
>Incoming mail is addressed to a valid mailbox. Your MTA accepts it. As such,
>the sender already knows it is a valid recipient.
>I don't follow what information is getting leaked, if a second later a
>success DSN gets sent to the sender. The sender already knows it's a valid
>mailbox, by the virtue of the fact that the mail was accepted.
Not necessarily. It might be forwarded, it might bounce later.
It's already known that if you are going to forward your mailbox, you want
to get your bounces go somewhere else. The bouncing on forwarded mail are
mostly useless to the original sender. The original sender can't do anything
In this situation I would considering forwarding to be a secondary act that
has no bearing on the original mail. The message was delivered to the
recipient. The fact that it was forwarded by the recipient's mailbox is a
out of scope for DSNs.
We can bikeshed forever about whether you send a success DSN if it's
delivered to a spam folder.
If it's succesfully delivered to a spam folder, that seems like a smashing
success to me.
But that's not important. I thought there were some security implications to
successful DSNs, that I didn't know about; but looks like that's not the
case; all are things that have been known for decades…
Description: PGP signature
ietf-smtp mailing list