--On Saturday, January 31, 2004 12:31 pm +0000 "Alan J. Flavell"
<a.flavell@???> wrote:
>
>> as there are WAY too many 'legite' domains out there that do not
>> accept the 'mail from: <>' command,
>
> One could argue that there's no such thing as a legitimate domain
> which refuses bounces as a general rule. By refusing bounces, they
> put themselves over the border of what is legitimate. I'd claim,
> though, that our practice of refusing (with appropriate explanation)
> bounces *if* they appear to be bogus virus alerts (BVAs) is
> admissible. We also rate bounces for spam, since some spammers try to
> get their spam through camouflaged as a bounce, so this is another
> possible cause for us rejecting a specific bounce (but obviously we
> wouldn't reject a callout on that basis, since an incoming callout
> never gets to the spam-rating stage).
That seems to me to be perfectly fine in the context of allowing sender
verification callback; you'd not be rejecting on the basis of the null
sender address, but on the content of the message. The sender verification
callback doesn't send any content.
I'm not sure whether the RFC permits this, though. As I understand it, you
must accept mail to postmaster, and to any known mailbox (but can reject
mail addressed to a non-existant mailbox). I can't see anything to stop you
rejecting messages based on the content. Arguably it would be better to
accept them and then delete them; RFC 2821 section 6.1 explicitly says that
you can do this in the event of a "delivery failure" after acceptance.
--
Ian Eiloart
Servers Team
Sussex University ITS
