[Asrg] where the message originated
David Wilson
David.Wilson at isode.com
Wed Jan 14 07:45:32 PST 2009
On Wed, 2009-01-14 at 09:21 -0500, Paul Russell wrote:
> > After all, if the "MTA" from which you received the infected message is
> > not innocent, perhaps not even a proper MTA, then rejecting the message
> > is also pointless. The rejection will be ignored, and so the overall
> > effect will be the same as if it were accepted and discarded.
>
> If I understand your position correctly, you want the receiving MTA to issue a
> 5xx when the sender is a real mail server, but you want it to accept and discard
> the message when the sender is a bot. As has already been pointed out, for
> systems outside your control, you can only speculate as to their true nature and
> their likely reaction of a 5xx response. Why waste time trying to discern the
> true nature of the sender, and run the risk that you will discard messages which
> should have been rejected, because your analysis of the sender is imperfect?
> Just issue the 5xx and be done with it.

No, quite the reverse. If you have received an infected message from a
real MTA, then issuing a 5xx response might "do bad things". I.e. that
real MTA might send a DSN containing the infection to a forged returned
path.

What I said was that there was no point in sending a 5xx response to a
bot, since they will ignore it. (I suppose they might remove the
recipient address from their list, but I don't know if this actually
happens.)

So, I believe that sending 5xx to an innocent sender can be dangerous,
and sending 5xx to a bot is pointless.

The only problem with not sending 5xx (or not sending a DSN) could be
with false positives. However, I believe this is a very small problem,
at least for the majority of users, and the danger of using 5xx is
significantly greater.