Agreed, but near sighted. If the sending MTA had done some sort of validation to ensure the message
was not forged when it accepted it, then we wouldn't have a blowback problem. You cannot blame
subsequent MTA's in the path for detecting and rejecting bad email when its something the first hop
MTA could (and should) have done in the first place!

His point I think is that if the virus is trying to send directly to the MTA it would get rejected
with no bounce back (because the virus wouldn't process a bounce).

If an MTA.1 accepted a virus message, and tried relaying it to MTA.2, when MTA.2 rejects it as
forged, and MTA.1 processes a bounce, well, NO SYMPATHY FOR MTA.1, it should have taken steps to
prevent the virus/forgery etc from being accepted by itself in the FIRST PLACE.
The statement was that virus infected machines don't usually process bounces if an MTA rejects its
transmission attempt. And the statement *is* correct.
True, but what is your point? The question at hand was "If the MTA rejects a message, does this
cause a blowback problem":
Case 1: Message is arriving from the virus itself:
-no blowback, viruses will usually ignore the rejection

Case 2: Message is arriving from an MTA that accepted the message from a virus:
-no sympathy for the bounce, the MTA should have rejected the virus message in the first place.
Is there a real issue with blowback? NO: There are plenty of ways of dealing with blowback until
all the MTA's are upgraded to provide some sort of MTA authentication to deal with forgery and
reject it at the first hop. (Yes, even silently dropping the bounces, something which large ISP's
often do already ANYWAY).

Terry Fielder

And let's not forget that the authorization can also include SPF-Classic or even Unified SPF (if ot
goes anywhere) (or even if you like bad things to happen PRA). That would ensure that authorized
clients of the MTA.1 whose machines are infected cannot forge the From address, hence the bounce
generated by MTA.1 when MTA.2 rejects the email will go somewhere not forged (i.e. the infected
machine or at least someone from that domain).
Exactly.
Definitely the best course of action.
Exactly.
Sorry to say "what he said", but it is *so* important and seems to get overlooked by those rejecting
SPF, I felt the need to chime in.

Terry Fielder

And this stops forgery how?

I think you're forgeting that _every_ user (including every spammer and
forger, and virus-infected computer) has relay services provided by their
provider. They have those services right up until they don't.

SPF takes for granted that the ISP's users can forge email to the ISPs
relay, and doesn't address that problem. This opens the possibility for
100% blowback.
You may reject some virii. But I think you don't reject all virii, either
because your virus definitions aren't uptodate every second of the day, or
because a new virus has emerged which isn't in the detection database.

Supposing you say, "I don't accept any attachments", then I'd point out
that this is insufficient to prevent infection, since a link to a rogue
server is enough to infect a computer.

Supposing you say, "I don't allow html email", then I'd point out that
abusers can still send a URL in text, an the unsuspecting user might type
it into their browser and get infected.

Supposing you say, "My users are too smart to fall for that", I'd say:
congratulations. But it doesn't scale.

--Dean

None of the things you listed indicate prevent forgery. Server
authorization is not related to forgery. As I pointed out, Closed relays
are "authorized", but one can still forge emails. SMTP AUTH and
Pop-before-SMTP don't prevent forgery, either.

As I already pointed you, you keep forgetting that every abuser is
someone's customer, and so has access to relay facilities. Those
facilities cannot prevent forgery.