[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Moderated posts?

On Mon, 13 Oct 2014 20:33:11 -0400
Miles Fidelman <mfidelman@meetinghouse.net> wrote:

> Jerry Stuckle wrote:
> > On 10/13/2014 7:10 PM, lee wrote:
> >> Brian <ad44@cityscape.co.uk> writes:
> >>
> >>> The mail is accepted. What the recipient does with the mail after
> >>> that is outside the scope of an RFC. There is no obligation on
> >>> the recipient to inform the sender that he has ripped up the mail
> >>> and junked it.
> >> When the MTA delivers the mail it accepted correctly, then there
> >> is no problem.  What whoever receives the mail does with it is an
> >> entirely different question.
> >>
> >>
> > Incorrect.  All the MTA does is receive the mail.  It is then free
> > to queue it up to the user, send it to a SPAM folder or delete it.
> > None of these options is covered by the RFCs.
> >
> 
> Well, yes and no.  Reporting "message accepted for delivery" as a
> status code, then silently dropping it, or otherwise sending
> inaccurate status codes, is kind of questionable.

Yes, although there should still be an audit trail. As I said to Harry
the other day, if you have a message ID from the receiving server you
(probably) can chase it up, and no reputable anti-spam software will
drop a message without keeping a log stating that it has done so. It is
generally possible to find out why a legitimate message was dropped,
though of course, somewhat after the event.
> 
> And... these things ARE covered, at least in part, by RFCs"
> 
> RFC5321 (latest SMTP spec), Section 6.2. (Unwanted, Unsolicited, and 
> "Attack" Messages) makes for interesting reading.
> 
> For example:
> "As discussed in Section 7.8 and Section 7.9 below, dropping mail 
> without notification of the sender is permitted in practice. However,
> it is extremely dangerous and violates a long tradition and community 
> expectations that mail is either delivered or returned. If silent 
> message-dropping is misused, it could easily undermine confidence in
> the reliability of the Internet's mail systems. So silent dropping of 
> messages should be considered only in those cases where there is very 
> high confidence that the messages are seriously fraudulent or
> otherwise inappropriate."
> 
There Is No Alternative. If a message is malicious spam, then it is
absolutely certain that the 'From:' is forged, and no messages should
be sent to it. There is some spam which might be called 'genuine', in
that a real business has sent it under the impression that UCE is a
legitimate marketing tool. In those cases only, a bounce message would
be appropriate, but sometimes even I'm not sure whether a spam falls
into this category.

-- 
Joe
Reply to: