Stuart D. Gathman wrote:
The advocates of "not rejecting" a PermError were actually
recommending rejecting with SMTP TEMPFAIL (451) instead of
550.
TempErrors are supposed to go away without human intervention
- or at least that's my concept for 4xx = "try again later".
Like "busy". Unlike "out of paper".
This tells the sender of the problem immediately (assuming
they read their DSNs) just like 550, and keeps on reminding
them of the problem until they fix it or the mail queue
expires the message.
Almost the same effect, after about 100 hours without fixing
the problem the mail is returned. It's okay to do it this
way, but it's different from ordinary SoftFail / TempError
conditions:
For a SoftFail you could use 4xx-greylisting or accept it
immediately. Not what you want for an invalid policy, it
really has to be fixed, otherwise it wastes your resources.
And a TempError is a temporary problem on your side (incl.
DNS timeouts or similar events), when "try again later" is
a good strategy for the sending MTA.
The postmaster of the sending MTA is not necessarily in the
position to do anything about the broken sender policy, it
can be one of many mail customers, DNS elsewhere.
In that case the broken sender policy wastes resources at
the receiver _and_ the sending MTA. The real sender could
be a spammer intentionally abusing broken policies.
I do not see why the receiver should wish to extend this
torture with 4xx. It does not help. It hurts more than a
5xx. It wastes the resources of innocent bystanders.
When they finally do fix it, they don't need to resend
their mail (unless it expired from the queue).
When I get one of these "your mail is delayed" DSNs it
always starts with a note "don't do anything, we try again
for about 100 hours". That's exactly what I do in this
case, nothing. It won't help with a broken sender policy.
temporary or permanent. The answer to that depends on how
optimistic you are the people will ever actually fix their
SPF records.
I'm not very optimistic that ordinary users will know what
these DSNs are about. They'll just wait four or five days,
and then they'll call for support, Very angry. Bye, Frank