2008-09-01
Accept-then-bounce is no longer acceptable in mail systems
Once upon a time it was acceptable for an Internet-facing mail system to promiscuously accept all email during SMTP conversations without checking to see if the destination user actually existed, and then send out bounce messages if it found problems. Those halcyon days are over, killed by changing circumstances and specifically by spam.
The problem spam causes for accept-then-bounce is simple:
- most email is spam
- a good chunk of it goes to incorrect or outright random local usernames
- almost all spam has forged origin addresses
- some amount of those forged addresses actually exist and belong to innocent bystanders
The inevitable result is known as 'backscatter', and has been a known issue for at least five years.
Thus if you are going to reject things, you must reject during the SMTP conversation. No excuses accepted. In particular, you do not not get to plead that spammers can do dictionary scans if you reject bad local addresses at SMTP time; in this case the cure is worse than the disease (and it is hideously selfish of you, since your decision protects yourself but puts the burden on other people (at least until you get blacklisted)). Besides, there are ways around the problem.
(In theory you can just silently discard messages with problems, but this has various problems in practice, like real people who make mistakes with email addresses never finding out about it.)
This applies just as much to things like virus scanners as it does to unknown local users; you should be doing content scanning during the SMTP connection.
(This is not exactly new; I just feel like writing it down.)