[Mimedefang] DSN Policy - was Re: Email injection and the android 'email' app

Les Mikesell lesmikesell at gmail.com
Mon Mar 4 14:13:20 EST 2013


On Mon, Mar 4, 2013 at 1:00 PM,  <kd6lvw at yahoo.com> wrote:
> --- On Mon, 3/4/13, Dale Moore <Dale.Moore at cs.cmu.edu> wrote:
>> ... I have had the philosophy that it is better to reject an email via
>> SMTP protocol (550 5.1.1 No Such user here) instead of accepting an
>> email then later sending a Delivery Status Notification (DSN) that an email
>> could not be delivered....
>
> I don't believe that one has such a choice.  In today's hostile world, if one CAN reject during the SMTP session, one MUST reject during the session.  An end system (where mail is delivered) should never generate a rejection DSN; only relay systems may/should do so but not always (cf. forged mail).
>
> The fact that your belief is not absolute is indicative of the problem.

But this isn't random spam here - the host in question is the
submission host and the client in question isn't a transport relay.
I agree that shouldn't really make a difference in terms of
understanding the protocol, but maybe google really wants android
users to use the gmail app.

-- 
   Les Mikesell
     lesmikesell at gmail.com



More information about the MIMEDefang mailing list