Stuart D. Gathman wrote on Wednesday, November 22, 2006 4:54 PM -0500:
It's when I'm sending a real DSN as the CBV, because a message
is quarantined, for instance, and SPF is none/neutral/pass.
You've sent them a DSN for mail that you've quarantined, presumably
because of a SpamAssassin or virus scan result, and SPF leads you to
believe the return-path is valid. It's a real DSN with a message
body. If they send you a DSN because they couldn't deliver your DSN,
after accepting it for delivery, they're creating a mail loop and it
is reasonable to blacklist them.
Does that describe the situation?
All real DSNs contain the original sender, SRS signed, in multiple
header fields, so that lame failure DSNs that are sent instead of
rejecting can let me blacklist the original sender.
It never continues to amaze me how hard you have to work in order to
protect yourself from misconfigured systems.
--
Seth Goodman
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735