On Tue, 2004-03-09 at 11:01 -0600, wayne wrote:
At this time, thanks to spammers, a very large percentage of the MAIL
FROM addresses are bogus. The best current practices is to *NEVER*
use the MAIL FROM address for anything.
/me shudders. That's _so_ wrong it's scary. There are some cases where
you absolutely _MUST_ use the MAIL FROM address, and to do otherwise is
likely to cause mail loops.
What you seem to be confused with is the idea that you shouldn't
actually generate a bounce if it's avoidable -- current best practice is
to avoid accepting a mail and _then_ deciding you want to reject it; do
the utmost possible to make the decision before the SMTP transaction
finishes. That way, the mail never leaves the spammer's SMTP-sender.
If generating bounces you _MUST_ generate them only to the MAIL FROM:
address, not to any other address picked out of the mail itself.
Likewise you _MUST_ look at the MAIL FROM address to avoid sending
responses to bounces. The only thing which reliably shows you that a
message is a bounce, and hence that to reply to it automatically would
risk mail loops, is the fact that it has an empty reverse-path.
Clueful ISPs will pull your machine off the network if you refuse to
conform with what RFC2821 mandates about use of MAIL FROM w.r.t.
bounces. It'd be a denial of service attack waiting to happen.
--
dwmw2