Spammer spoofing

[Tom Anderson]

----- Original Message ----- 
From: "Jonathan Buzzard" <jonathan at buzzard.me.uk>
> In the first instance any decent email program should warn the user before
> this happens. In the second instance they deserve a bounce saying it has
> been rejected due to lack of a subject line.

By all means, if you have the authority to make such a decision for your 
users even though there is no RFC or other standard which requires a subject 
line.  I would never presume to reject my clients' corporate email based on 
such an arbitrary rule.  If the lack of a subject line were combined with 
other attributes, such as the bogosity, to make such a decision, then it 
would be more defensible.  Moreover, the bounce doesn't tell the sender that 
it was rejected due to the lack of a subject line, it tells them that the 
user doesn't exist.  I would hate to face the lawsuit in which I was charged 
with the damages of costing one of my clients an important contract because 
the customer thought they didn't exist anymore.  Flat-out rejecting of any 
email is not something to be taken lightly, and if it is decided to do so, 
at least a descriptive response should be supplied... eg: This server 
doesn't accept blank subject lines... please resend your email with an 
appropriate subject line.  A spammer would never read the bounce anyway, but 
at least legitimate senders -- and your users -- will know what's going on.

Tom