[Mimedefang] DSN Policy - was Re: Email injection and the android 'email' app

kd6lvw at yahoo.com kd6lvw at yahoo.com
Mon Mar 4 14:00:00 EST 2013

--- On Mon, 3/4/13, Dale Moore <Dale.Moore at cs.cmu.edu> wrote:
> ... I have had the philosophy that it is better to reject an email via
> SMTP protocol (550 5.1.1 No Such user here) instead of accepting an
> email then later sending a Delivery Status Notification (DSN) that an email
> could not be delivered....

I don't believe that one has such a choice.  In today's hostile world, if one CAN reject during the SMTP session, one MUST reject during the session.  An end system (where mail is delivered) should never generate a rejection DSN; only relay systems may/should do so but not always (cf. forged mail).

The fact that your belief is not absolute is indicative of the problem.
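
Added example, not part of the original post and not code shipped with MIMEDefang: one way to refuse unknown recipients during the SMTP session from a mimedefang-filter, covering a host that delivers mail itself and a gateway that relays to an internal server. The domains, mailbox list and internal host name are hypothetical, and mimedefang must be started with -t so that filter_recipient is called at RCPT TO.

```perl
# Added example for mimedefang-filter (not from the original post).
# All addresses and host names below are hypothetical placeholders.
use strict;
use warnings;

# Mailboxes delivered on this host (end-system case).
my %LOCAL_USER = map { lc($_) => 1 }
    qw(postmaster@mail.example.org dale@mail.example.org);

# Domains this host only relays, mapped to the internal server that
# knows the real recipient list (gateway case).
my %RELAY_BACKEND = ('corp.example.org' => 'mbox.internal.example.org');

my $MY_HELO = 'gw.example.org';

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    # Envelope addresses arrive as <user@domain>; normalise for lookup.
    (my $addr = lc $recipient) =~ s/^<|>$//g;
    my ($domain) = $addr =~ /\@([^\@]+)$/;
    return ('CONTINUE', 'ok') unless defined $domain;

    if ($domain eq 'mail.example.org') {
        return ('CONTINUE', 'ok') if $LOCAL_USER{$addr};
        # Refuse at RCPT TO: the connecting client owns the failure, and
        # no DSN is ever sent to a possibly forged envelope sender.
        return ('REJECT', 'No such user here', 550, '5.1.1');
    }

    if (my $backend = $RELAY_BACKEND{$domain}) {
        # Ask the internal server (MAIL FROM / RCPT TO probe) and hand its
        # verdict back. A TEMPFAIL result defers the mail instead of
        # accepting something that may have to be bounced later.
        return md_check_against_smtp_server($sender, $recipient,
                                            $MY_HELO, $backend);
    }

    return ('CONTINUE', 'ok');    # other domains: leave to the MTA's relay rules
}

1;
```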

