Ian Eiloart writes:
I think the reason that backscatter isn't subject to any RFC is that the real problem is the lack of authentication and accountability for return-paths in the original messages. Bouncing would be fine if you know that the email really came from the owner of the return-path.
That's what SPF and DKIM are intended to help with.
Aha, good point. OK, then the draft standards/RFCs for those qualify as far as I'm concerned. Note, I didn't mean that there must be an RFC saying "no backscatter", although you could read my words that way (and I certainly do demand it before I will consider this a purely technical problem). That would make things easy, of course, but those drafts/RFCs will most likely contain rationale for why we would like to outright ban backscatter, but can't quite go so far yet.
There's friction in their adoption because certain features of email (notably mail forwarding, but also some others) have no regard for these features.
By which you mean that SPF and DKIM in some configurations are as big a threat to Mailman as blacklisting for backscatter is, right?