spf-discuss

Re: Re: Support for Internationalized Explanations

2004-07-26 02:57:21
On Monday 26 July 2004 11:39, Chris Haynes wrote:
Option 1:
If the test failure occurs at SMTP time _and_ an explanation text has been
provided, send a separate bounce message containing that explanation, as
well as the SMTP 55x rejection.

I don't like this because
(1a) The nice thing about the SPF-Classic tests is that the load on the
receiving MTA when rejecting a 'bad' message (at SMTP time) is minimal.
Option 1 puts the MTA load up again (for those cases in which the domain
has published an explanation).
(1b) The user may get two rejection messages from a single mail submission
- confusing.

Remember that an SPF failure means that it is most probable that the MAIL FROM
address has been *FORGED*.

So we *MUST* as much as possible avoid sending bounce messages to an address 
that has actually nothing to do with the message being refused. We *MUST* as 
much as possible simply reject the SMTP transaction.

If the remote client is actually a trojanized Windows PC or any kind of 
spamware, then it is most probable that no bounce will ever be sent to the 
"MAIL FROM" address, and this is what we want.

We definitely do not want to fill up the boxes of innocent people with bounce
messages about emails they never sent.

-- 
Michel Bouissou <michel(_at_)bouissou(_dot_)net> OpenPGP ID 0xDDE8AC6E

