Re: SHOULD (NOT) SPF-compliants MTAs send bounces?

On Mon, Dec 01, 2003 at 05:14:58PM -0500, Meng Weng Wong wrote:
> | As both of you pointed out, a bounce like that will typically affect the
> | joe-jobbed "victim". Indeed, that is actually most unwanted. But a plane
> | DISCARD is quite undesireable too.
>
> What bounce?
>
> Who's the client?
Server: Server doing SPF-lookups.
Client: spammer, virus.
Abuse : client forging return-path with an address for a SPF-protected domain.

If the server sends a 550 and that's it, no problem.

But if the server generates a bounce because of the forgery, it will be send
to the forged address. This is useful during migrations in case it's not a
forgery but a migration issue. But once SPF settles in, it will only be
inconvenient if servers send bounces for detected forgeries.

Rob
-- 
Rob Kaper     | "In the name of sheer pity, won't someone operate on
cap(_at_)capsi(_dot_)com | Chairman Arafat and put that poor cancer into a 
cleaner
www.capsi.com | environment? -- Rick Brookhiser

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)½§Åv¼ð¦¾Øß´ëù1Ií-»Fqx(_dot_)com

pgpvocnsmpNU2.pgp
Description: PGP signature