Re: [ietf-smtp] DSNs

Sam Varshavchik <> Sun, 26 April 2020 23:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A1B3E3A1698 for <>; Sun, 26 Apr 2020 16:56:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PCUuT62y0lV5 for <>; Sun, 26 Apr 2020 16:56:17 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 646B33A169E for <>; Sun, 26 Apr 2020 16:56:17 -0700 (PDT)
Received: from ( [::ffff:]) (TLS: TLSv1.3,256bits,TLS_AES_256_GCM_SHA384) by with UTF8ESMTPS id 00000000002C0011.000000005EA61F9E.000052AC; Sun, 26 Apr 2020 19:56:14 -0400
Received: from (localhost []) (IDENT: uid 1004) by with UTF8ESMTP id 000000000005E9BC.000000005EA61F9D.0000881E; Sun, 26 Apr 2020 19:56:13 -0400
References: <20200426222237.7E1351864BA8@ary.qy>
Message-ID: <>
From: Sam Varshavchik <>
Date: Sun, 26 Apr 2020 19:56:13 -0400
Mime-Version: 1.0
X-Mime-Autoconverted: from 8bit to quoted-printable by mimegpg
Content-Type: multipart/signed; boundary=""; micalg=pgp-sha1; protocol="application/pgp-signature"
Archived-At: <>
Subject: Re: [ietf-smtp] DSNs
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 26 Apr 2020 23:56:19 -0000

John Levine writes:

> In article <> you  
> write:
> >Incoming mail is addressed to a valid mailbox. Your MTA accepts it. As such,
> >the sender already knows it is a valid recipient.
> >
> >I don't follow what information is getting leaked, if a second later a
> >success DSN gets sent to the sender. The sender already knows it's a valid
> >mailbox, by the virtue of the fact that the mail was accepted.
> Not necessarily.  It might be forwarded, it might bounce later.

It's already known that if you are going to forward your mailbox, you want  
to get your bounces go somewhere else. The bouncing on forwarded mail are  
mostly useless to the original sender. The original sender can't do anything  
about them.

In this situation I would considering forwarding to be a secondary act that  
has no bearing on the original mail. The message was delivered to the  
recipient. The fact that it was forwarded by the recipient's mailbox is a  
out of scope for DSNs.

> We can bikeshed forever about whether you send a success DSN if it's
> delivered to a spam folder.

If it's succesfully delivered to a spam folder, that seems like a smashing  
success to me.

But that's not important. I thought there were some security implications to  
successful DSNs, that I didn't know about; but looks like that's not the  
case; all are things that have been known for decades…