On Tue, 28 Dec 2004, Leonard Mills wrote:
Stuart(_at_)bmsi(_dot_)com wrote:
Here is my new idea: if no identification is provided via SMTP, then
before entering the DATA phase, send a DSN to the MAIL FROM.
I think you should wait until much later in your processing.
You should first be sure that the message is neither a virus
nor a spam from a zombie. Otherwise, sending an NDN is very
unfriendly. If the message is not a virus/worm vector, then
I'd prefer just putting it in a spam jail, and leave it for
the intended correspondent to mark the message as "do not
block in the future" and _then_ have the intended recipient's
local postmaster draft the explanatory email.
Part of the idea was that if the DSN can't be delivered, then the
message is rejected. Kind of like CBV, but with an actual DSN
complaining about the misconfigured server.
If it is a virus/worm forging their domain, then they need to
publish SPF pronto. If the virus/worm is from their own machine,
then they need to know about it also.
Unlike the stupid non-DSN notifications about viruses I supposedly sent,
this one is a DSN, and will not annoy anyone that does any of the following:
1) has a real PTR record on their mail server
2) has a valid HELO name
3) has an SPF record
4) uses SES or similar scheme to sign MAIL FROM
Will it annoy people into doing one of the above?
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.