I can certainly accept the arguments as to why bouncing would be a bad idea. What is the alternative? If the messages are simply dropped, the sender (nor the recipient) have any knowledge in the case of a false positive.
Reject at SMTP time.
Exim+Exiscan-ACL does this very well.
Steven
