The intent here is to do the following:
1) Alert the real sender if we can reasonably reach the person.
2) Alert the relay owner if they were relayed through without knowing
about it (and pressure them to fix it - pronto!)
3) If we can't do either right away, toss the bounce on the floor
on the premise that its better to give up than keep screwing around
and clog up the pipeline.
What do the rest of you here think? Option (1) doesn't look very sound; the
fight right now is between (2) and (3).
In my opinion, if you fix the relay problem to about 75%, the rest of the
relays will get fixed or die, due to the spam volume, then one you solve
the relaying problem, someone has to transmit all the messages themselves,
which greatly lengths the time to detect them, and makes the cost of spamming
go up. (It also allows IP based blocking to work better.)