Here's what I propose for autoreporting of rfc-ignorant and why:
First - I'm only talking about the case where ALL null senders are
rejected - example:

    HELO ctyme.com
    250 helo MRLRY
    mail from:<>
    501 bogus mail from

This is the initial sequence of a callback sender verification.
Now reporting these is a good thing because if someone is going to
reject <> then they should be listed as rejecting <>, so the world knows
this. I have an ACL that actually whitelists rfc-ignorant domains.

    # Deny when the sender callout fails, unless the sender's domain is
    # listed in dsn.rfc-ignorant.org
    deny message = REJECTED - Sender Verify Failed
         !dnslists = dsn.rfc-ignorant.org/$sender_address_domain
         !verify = sender/callout=2m,defer_ok

So - if I had autoreporting then after one bounce they get reported and
after being added to the list - the messages would get through.
It seems to me that if someone is going to ignore a rule like this then
that's their choice. But they should be listed as someone who ignores
the rule so that others can decide how they want to interact with
servers that ignore the rule.
Sender callout verification is something that's working extremely well
for me in fighting spam and I don't want to give it up because of
stubborn people.
Having said that - there should be a hook in Exim to detect that the
host doesn't take empty senders from anyone rather than it rejected it
after the rcpt to: was presented. A failure after rcpt to: has a
different meaning than a failure after mail from:<> and these conditions
should be treated separately.
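
The distinction drawn above, between a refusal at mail from:<> and a refusal after rcpt to:, can be sketched as a classifier over a callout dialogue. This is an added example, not part of the original post and not Exim code; the function names, verdict labels and all sample dialogues other than the first (taken from the transcript above) are constructed for illustration.

```python
import re

# Callout dialogues as (command sent, reply received) pairs.
NULL_SENDER_REFUSED = [("HELO ctyme.com", "250 helo MRLRY"),
                       ("mail from:<>", "501 bogus mail from")]
# Constructed samples (example.net is a placeholder domain).
RECIPIENT_REFUSED = [("HELO ctyme.com", "250 mx.example.net"),
                     ("MAIL FROM:<>", "250 OK"),
                     ("RCPT TO:<user@example.net>", "550 no such user")]
TEMPORARY_FAILURE = [("HELO ctyme.com", "250 mx.example.net"),
                     ("MAIL FROM:<>", "451 try again later")]

STAGES = [(re.compile(r"^(HELO|EHLO)\b", re.I), "helo"),
          (re.compile(r"^MAIL FROM:\s*<>", re.I), "mail-null"),
          (re.compile(r"^MAIL FROM:", re.I), "mail"),
          (re.compile(r"^RCPT TO:", re.I), "rcpt")]

def stage_of(command):
    for pattern, name in STAGES:
        if pattern.match(command.strip()):
            return name
    return "other"

def reply_code(reply):
    # Multi-line replies ("250-...") carry the final code on the last line.
    last = reply.strip().splitlines()[-1]
    if not re.match(r"^\d{3}", last):
        raise ValueError(f"not an SMTP reply: {reply!r}")
    return int(last[:3])

def classify_callout(exchange):
    """Return (verdict, stage) for the first failing reply, if any."""
    stage = None
    for command, reply in exchange:
        stage, code = stage_of(command), reply_code(reply)
        if code < 400:
            continue                               # accepted, keep going
        if code < 500:
            return ("defer", stage)                # temporary: never report
        if stage == "mail-null":
            return ("rejects-null-sender", stage)  # the reportable case
        if stage == "rcpt":
            return ("address-rejected", stage)     # about the address, not <>
        return ("refused", stage)
    return ("verified", stage)
```

Only the `rejects-null-sender` verdict corresponds to the case proposed for autoreporting; a 4xx reply is kept separate because the ACL above already tolerates it through `defer_ok`.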