Re: [ietf-smtp] DSNs

Sam Varshavchik <> Sun, 26 April 2020 21:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 234C63A1210 for <>; Sun, 26 Apr 2020 14:02:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1dsaFkRNyEdT for <>; Sun, 26 Apr 2020 14:02:07 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 86ABD3A120F for <>; Sun, 26 Apr 2020 14:02:07 -0700 (PDT)
Received: from ( [::ffff:]) (TLS: TLSv1.3,256bits,TLS_AES_256_GCM_SHA384) by with UTF8ESMTPS id 00000000002C0011.000000005EA5F6CD.00004A99; Sun, 26 Apr 2020 17:02:05 -0400
Received: from (localhost []) (IDENT: uid 1004) by with UTF8ESMTP id 000000000005E9BC.000000005EA5F6CD.00007EAF; Sun, 26 Apr 2020 17:02:05 -0400
References: <20200426203307.97DFB1863A8B@ary.qy>
Message-ID: <>
From: Sam Varshavchik <>
Date: Sun, 26 Apr 2020 17:02:04 -0400
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=""; micalg=pgp-sha1; protocol="application/pgp-signature"
Archived-At: <>
Subject: Re: [ietf-smtp] DSNs
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 26 Apr 2020 21:02:09 -0000

John Levine writes:

> With SMTP you have no way to tell who is sending a message that
> arrives from outside, and experience tells us that the majority of
> incoming mail is hostile.  We don't do success notifications or web
> bugs because we don't want to leak info about our users to malicious
> strangers.

Can someone explain something, slowly, to me:

Incoming mail is addressed to a non-existent recipient. Your MTA rejects the  

Incoming mail is addressed to a valid mailbox. Your MTA accepts it. As such,  
the sender already knows it is a valid recipient.

I don't follow what information is getting leaked, if a second later a  
success DSN gets sent to the sender. The sender already knows it's a valid  
mailbox, by the virtue of the fact that the mail was accepted.