On Fri, Feb 21, 2014 at 09:40:10PM -0800, Michael Deutschmann wrote:
> So, the only RFC-legal options are:
>
> 1. Advertise the DSN ESMTP extension to no one.
>
> 2. Refuse all mail that does not have an SPF pass (regardless of whether the
> sender actually wanted to use DSN).
>
> 3. Run a server that can be forced to emit backscatter.
>
> I think #1 is clearly the only reasonable choice.
The best practice is NO DSN across the Internet backbone. Do not
offer DSN to strangers. Ignore DSN offered by strangers.
This way internal senders get DSN reports as soon as mail leaves
the sender's organization and external senders get DSN reports from
*their* MTAs as soon as mail is accepted by your organzation.
End-to-end DSN predates a world in which email abuse dominates
legitimate mail.
By the way, if indeed Exim is not sending MIME bounces, it really
should.
--
Viktor.
