On Sat, 30 May 2009, Baltasar Cevc wrote:
On May 28, 2009, at 4:37 PM, Matt Sergeant wrote:
Seems a little fragile. There aren't many bounces that quote all
headers. You'd be better off just rejecting all bounces in qpsmtpd,
then you only see "legit" bounces where the remote end issued an
immediate 5xx to your Exim's outgoing mail. Of course when I suggest
that (here and on other lists) mail admins tend to freak out a bit. But
I'm of the opinion that I've barely ever seen a useful full bounce in
years. So my qpsmtpd runs a no_bounces plugin, which I believe I've
posted here before.
While I would not freak out, it is surely not RFC conformant. And, even
worse, it is illegal in some legislations (I can tell for Germany):
suppressing mails (thus also failure notices that made sure the sender
knows a mail has not arrive) is punishable under the German Criminal
Code.
That's a major misunderstanding of both the RFCs and German law.
However, I think everybody should descide himself/herself.
Indeed.
I notice 'broken' systems that will send bounces instead of rejecting
mail from time to time...
I'm not suggesting there aren't. But as far as I can tell, there's 3
options:
1) accept all bounces, and get flooded with invalid bounces when spammers
spoof you.
2) implement BATV and the flaws it has.
3) reject all SMTP level bounces and the flaws it has.
All have problems. You just pick your acceptable failures.
Matt.
