[Mimedefang] DSN Policy - was Re: Email injection and the android 'email' app
kd6lvw at yahoo.com
kd6lvw at yahoo.com
Mon Mar 4 14:00:00 EST 2013
--- On Mon, 3/4/13, Dale Moore <Dale.Moore at cs.cmu.edu> wrote:
> ... I have had the philosophy that it is better to reject an email via
> SMTP protocol (550 5.1.1 No Such user here) instead of accepting an
> email then later sending a Delivery Status Notification (DSN) that an email
> could not be delivered....
I don't believe that one has such a choice. In today's hostile world, if one CAN reject during the SMTP session, one MUST reject during the session. An end system (where mail is delivered) should never generate a rejection DSN; only relay systems may/should do so but not always (cf. forged mail).
The fact that your belief is not absolute is indicative of the problem.
More information about the MIMEDefang
mailing list