Please, correct me if I'm wrong about this

[Javier]

It is supposed that mail servers should bounce NDR's to local users only (or so I have been told).

So I have been making some checking about my actual ISP behavior regarding this matter, and I have got mixed results that don't fit with the ones expected (by me). I will be grateful if you let me know if -as I think- my ISP have a wrong configuration (or not entirelly desirable), or it is me and my assumptions the ones that are wrong.

- The first check I have made is to send a email (with "me[at]myISP.com" in the 'From' field) to an address that I know for sure that it don't exist (let's call it "notexist[at]otherdomain.xyz"), via my ISP mail server.

As expected, the otherdomain.xyz mail server sent a 550-error to myISP.com server, and then myISP.com server bounced it to me[at]myISP.com:

...

<notexist[at]otherdomain.xyz>: host mail.otherdomain.xyz[xxx.xxx.xxx.xxx] said: 550 5.1.1

<notexist[at]otherdomain.xyz>: Recipient address rejected: User unknown in virtual

mailbox table (in reply to RCPT TO command)

...

Until here, all correct (or I think so).

- The second check, I sent the same email to notexist[at]otherdomain.xyz via my ISP mail server, but I changed the 'From' field to "me[at]elsewhere.com" (a discardable email got on purpose).

I was expecting that my ISP received the 550-error, and after realizing that me[at]elsewhere.com wasn't a local user, it simply discarded/deleted the bounce.

Instead of it, my ISP mail server bounced the NDR to me[at]elsewhere.com:

Return-path : <>

Envelope-to : me[at]elsewhere.com

Delivery-date : Thu, 10 Apr 2008 12:47:41 +0200

Received : from [192.168.1.55] (helo=antimisp01) by mxb08.elsewhere.com with esmtp (Exim 4.68) id 1JjuJf-0008GB-Mf for me[at]elsewhere.com; Thu, 10 Apr 2008 12:47:40 +0200

Received : from smtp01.myISP.com ([xxx.xxx.xxx.xxx]) by antimisp01 with elsewhere id Bmnf1Z0063g5D2u0000000; Thu, 10 Apr 2008 12:47:39 +0200

Received : from exim by smtp01.myISP.com with local (Exim 4.60) id 1JjuJW-0005j9-CT for me[at]elsewhere.com; Thu, 10 Apr 2008 12:47:30 +0200

X-Failed-Recipients : notexist[at]otherdomain.xyz

Auto-Submitted : auto-replied

From : Mail Delivery System <Mailer-Daemon[at]smtp01.myISP.com>

To : me[at]elsewhere.com

Subject : Mail delivery failed: returning message to sender

Message-Id : <E1JjuJW-0005j9-CT[at]smtp01.myISP.com>

Date : Thu, 10 Apr 2008 12:47:30 +0200

X-Virus-Scanned : by elsewhere.com

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its

recipients. This is a permanent error. The following address(es) failed:

notexist[at]otherdomain.xyz

SMTP error from remote mail server after RCPT TO::

host mail.aafg.es [xxx.xxx.xxx.xxx]: 550 5.1.1 :

Recipient address rejected: User unknown in virtual mailbox table

------ This is a copy of the message, including all the headers. ------

<snip>

Original message

<snip>

Is this behavior correct? (to bounce the 550 to an address -me[at]elsewhere.com- external to the server receiving it -myISP.com-)?

Shouldn't instead be deleted the 550-error message, without further bounces?

[StevenUnderwood]

Is this behavior correct? (to bounce the 550 to an address -me[at]elsewhere.com- external to the server receiving it -myISP.com-)?

Shouldn't instead be deleted the 550-error message, without further bounces?

This is not quite the same thing. The problem is generally when the receiving server does not issue the 5xx error allowing the sending server to decide where to send the message.

Additional questions...

Can you use your ISP's SMTP server when you are not connected to their network? Probably not, unless:

Do you need to authenticate to your ISP's SMTP server (part of setting up the email client)?

I can see where if you are authenticated to their server or network, they are trusting you to put a valid sender address whether it is on their network or not. They are allowing you to send your bounces where you want. Unless you need to authenticate to the server (i.e. it allows anyone on the internal network range access) the server does not know who you are. The only thing it knows is you have an IP on its allowed list. Your client would be unlikely to be able to receive an SMTP message from your server, it just sends the bounce where you said it should.

If you need to authenticate to the server (like we do with the SpamCop SMTP server), then the server knows which account logged in and could then send the message to the authenticated sender. The admin may still decide to use the senders address because the local ISP address may not even be monitored, (i.e. the ISP's mail server is only used for outgoing but is never checked because it was ful of spam when the account was opened, been there: done that, switched to SpamCop Email)

[Javier]

Hi, Steven. Thank you for your reply.

...

Additional questions...

Can you use your ISP's SMTP server when you are not connected to their network? Probably not, unless:

Do you need to authenticate to your ISP's SMTP server (part of setting up the email client)?

...

Yes, you are right: I need to authenticate to send mail thru my ISP' SMTP server.

I can see where if you are authenticated to their server or network, they are trusting you to put a valid sender address whether it is on their network or not. They are allowing you to send your bounces where you want.

<snip>

If you need to authenticate to the server (like we do with the SpamCop SMTP server), then the server knows which account logged in and could then send the message to the authenticated sender. The admin may still decide to use the senders address because the local ISP address may not even be monitored

<snip>

I see. So the results that I have obtained are due to my ISP trusting the 'bona fide' of his users (that is, me, in this case).