From: "Alan J. Flavell" <a.flavell@???>
>
> On Sat, 23 Oct 2004, David S. Madole wrote:
>
> > Maybe the person running this server doesn't care about your
> > attempts to use callouts to duplicate the service that "VRFY" is
> > supposed to provide.
>
> I don't know about you, but one of the reasons for attempting a
> callout is to get some idea that the offering MTA would accept a
> "bounce" (non-delivery report, delivery status notification).
Your arguments are excellent and exactly correct. And they reflect the
reason why you and a few others might wish to use callouts.
But I do not believe that it is why most people choose to use them. They
are trying to weed out bogus incoming mail. It has nothing to do with
their concern over delivering a status notification back to the sender.
So you get these tiring arguments between two different sets of people
each trying to misuse the system for different purposes.
I am not suggesting that any particular person, including the original
poster, is in either class.
> If we take responsibility for delivering a mail, there -are-
> situations (albeit we're all doing our best to avoid most of them -
> right? - by rejecting during the SMTP dialog) where a subsequent error
> means that the mail couldn't be delivered; and then it's necessary to
> compose a non-delivery report to the envelope-sender, just like it
> says in the good RFCs.
But maybe the sender chooses that they don't care. Or that it's important
to them, but less important than some other conflicting interest, so they
make a choice. Isn't it their loss, not yours? Aren't they the one that
is hurt by not knowing whether their email was delivered or not?
> > Your using it for callouts is not "playing by the rules".
>
> Your argument is not entirely without merit; but, in the circumstances
> in which we find ourselves, some compromises have to be made.
Exactly. Maybe the other party has taken their position as a compromise
as well.
> > If the other guy decides he doesn't care about status notifications,
> > that's his decision,
>
> Indeed, and our subsequent action follows from that. We might choose
> to put his domain into our callouts list, so that he can block himself
> from offering us any further mails until he stops that behaviour.
Agreed. My point is just do it. Don't go around whining that someone else
has taken a set of conflicting requirements and made a different choice
than you would; it's their server. You don't like their policy, don't
accept mail from them. Report them to rfcignorant. Be righteous about it.
Revel in your correctness.
Anyway, I'm not advocating any position, just trying to point out that so
often this issue is (in my opinion) a case of "the pot calling the kettle
black". Personally, I don't do callouts, but I don't care if someone else
wants to do them against my server. However, I do only accept mail from
"<>" to VERP addresses that I use for the envelope sender and change
daily.
I do think that if someone has a problem with mail from "<>" and they
don't care about status notifications, their best course of action would
be to reject or silently discard after DATA. It accomplishes the goal
with the least impact to the way the rest of the world expects things to
work.
David
