Giampaolo Tomassoni wrote:
>> -----Messaggio originale-----
>> Da: Matus UHLAR - fantomas []
>> ...omissis...
>> I am really curious how do they behave when there's forged sender and
>> both
>> MTA's use this. Either they will cycle forever (so they will never know
>> if
>> either address is OK), or they will stop checking (so the spam will
>> pass
>> because spammer forged domain with SAV implemented) or the mail (even
>> legitimate!) just will not pass...
>> Once I'll try this on two or more such systems (in parallel!) and see
>> if
>> they will DoS each other...

> No, Matus: they don't cycle.
> An MTA willing to check the existence of a sender address would do this
> before its reply after end of DATA (i.e.: after having received the
> message). Instead, an MTA would inform its peer of a non-existent mailbox
> after RCPT-TO (with a 5XX error code), which is well before DATA.
> The checking system need not proceed to DATA in order to check the existence
> of a mailbox, so there is no cycle...

I believe the more direct reason why there wont be a cycle/loop is that:

When doing SAV, the checking host should set its "Mail-From" to "<>".

So, if someone tries to send me a message from, and I
were to use SAV (which I don't), then the SAV check should have these

Mail-From: <>

The reason why this shouldn't cause a loop is that RFCs specifically
state that <> a valid Mail-From, and should always be accepted.
Therefore, the other side should never reject (and therefore never
check) the validity of <> as a mail-from.