If you are running any type of scanner, you should be careful not to send replies when notifying alleged senders of a virus. The RFC-compliant mechanism for this is a DSN (Delivery Status Notification), which is simply a message whose envelope from is '<>' (empty). This is important for several reasons:
- Prevents mail loops: MTAs should never reply to a DSN (although some braindead ones do anyway, but at least it stops with the first clueful MTA).
- Avoids annoying innocent bystanders: viruses tend to lie about who is sending the virus. A DSN can be easily ignored using techniques such as a signed local part, or matching the DSN with a log of messages actually sent (via rfc822 attachment or embedded email).
In addition, no reply or DSN of any sort should be sent when the message gets an SPF FAIL.
-- LucaGibelli - 14 Nov 2006
If your MTA allows, always send a 550 error message after the DATA check instead of sending a bounce. It is best practice for heavily loaded mail servers.
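The rules above (reject with 550 during the SMTP session when possible, never answer a DSN, send nothing on SPF FAIL, otherwise notify with an empty envelope sender) can be expressed as a small policy function. This is an added example, not code from the original page; the function names, addresses and sample message are assumptions, and it attaches only the original headers rather than the full message so the infected body is not sent back.

```python
import re
from email.message import EmailMessage

NULL_SENDER = "<>"  # empty envelope sender: marks the message as a DSN


def virus_action(envelope_from, spf_result, in_smtp_session):
    """Return 'reject', 'drop' or 'dsn' for a message the scanner flagged."""
    if in_smtp_session:
        return "reject"  # answer 550 after DATA; no bounce is generated here
    if envelope_from.strip() in ("", NULL_SENDER):
        return "drop"    # the flagged message is itself a DSN: never reply
    if spf_result.lower() == "fail":
        return "drop"    # SPF FAIL: the claimed sender did not send this
    return "dsn"


def build_dsn(original, envelope_from, postmaster):
    """Build the notification; returns (MAIL FROM, RCPT TO, message)."""
    rcpt = envelope_from.strip().strip("<>")
    # Keep only the header block so the infected body is never sent back.
    headers = re.split(rb"\r?\n\r?\n", original, maxsplit=1)[0]
    msg = EmailMessage()
    msg["From"] = f"Mail Delivery System <{postmaster}>"
    msg["To"] = rcpt
    msg["Subject"] = "Message rejected: virus detected"
    msg["Auto-Submitted"] = "auto-replied"  # RFC 3834 marker for automatic mail
    msg.set_content("A message claiming to be from you was rejected by the virus scanner.\n"
                    "Its headers are attached so you can match it against your logs.\n")
    msg.add_attachment(headers.decode("ascii", "replace"), subtype="rfc822-headers")
    return NULL_SENDER, rcpt, msg


# Constructed sample message (not from the original page).
SAMPLE = (b"From: alice@example.org\r\nTo: bob@example.net\r\n"
          b"Message-ID: <constructed-1@example.org>\r\nSubject: hi\r\n\r\n"
          b"INFECTED-BODY-PLACEHOLDER\r\n")

if __name__ == "__main__":
    if virus_action("<alice@example.org>", "pass", in_smtp_session=False) == "dsn":
        mail_from, rcpt_to, dsn = build_dsn(SAMPLE, "<alice@example.org>", "postmaster@example.net")
        print("MAIL FROM:", mail_from, "RCPT TO:", rcpt_to)
        print(dsn.as_string())
```

The first element of the returned tuple is what goes in the SMTP `MAIL FROM` command; the `From:` header inside the message is separate and may name the postmaster.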