Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
On Wed, 15 Oct 2014 15:13:27 -0400
Miles Fidelman <mfidelman@meetinghouse.net> wrote:
> Tanstaafl wrote:
> > My position is that:
> >
> > 1. email to invalid recipients should be rejected at the RCPT-TO
> > stage,
>
> Easier said then done - at least when a server does relaying, but
> clearly ideal when possible.
>
It's worth some effort, at the moment it is the single most effective
anti-spam measure. If you outsource your mail, it's worth going to some
trouble to find a hosting company who will hold and accept updates for
a list of valid recipients.
> >
> > 2. under *no* circumstances should mail to invalid recipients be
> > accepted for delivery then silently deleted based solely on that one
> > criteria,
Not on that alone, no, it could be a typo, in which case the sender
needs to be informed. But if it is spam, there's nobody to tell, and
you don't want to send a copy of the spam to the forged Reply-To:
address.
> >
> > and
> >
> > 3. once an email has been accepted for final delivery, every effort
> > should be taken to deliver the message to the recipient, whether to
> > their Inbox clean or tagged as spam (if a spam threshhold is met),
> > or to a spam quarantine,
Which shouldn't be a problem if there's a valid recipient.
> >
> > I allow for the very rare 'clear-and-present-danger' exceptional
> > circumstance that, if an after-queue content scanner determines
> > with a very high probability that something contains a malicious
> > payload, an admin might want to not deliver it to the recipient.
> > But, I would also argue that it should go into a quarantine that
> > only the admin has access to, and never just silently deleted.
> >
Yes, and a log kept. *And* the postmaster address monitored, and a
request to know the disposition of a vanished email should be
answered, along with the reason. Especially if the request is
accompanied by one of your message IDs...
> > But, as Jerry says, that is just my opinion...
Indeed. Within his domain, the email admin is king...
> >
>
> Generally agree with you in principle. And that's certainly the
> standards-compliant policy.
>
> In practice.... I support a few dozen mailing lists - operational
> necessity dictates dropping a lot of stuff silently.
Of course. Already-accepted spam *must* be silently dropped.
--
Joe
Reply to: