OPERATIONAL Question - Spamblock protocol

The intent here is to do the following:

1) Alert the real sender if we can reasonably reach the person.
2) Alert the relay owner if they were relayed through without knowing
about it (and pressure them to fix it - pronto!)
3) If we can't do either right away, toss the bounce on the floor
on the premise that its better to give up than keep screwing around
and clog up the pipeline.

What do the rest of you here think? Option (1) doesn't look very sound; the
fight right now is between (2) and (3).

In my opinion, if you fix the relay problem to about 75%, the rest of the
relays will get fixed or die, due to the spam volume, then one you solve
the relaying problem, someone has to transmit all the messages themselves,
which greatly lengths the time to detect them, and makes the cost of spamming
go up. (It also allows IP based blocking to work better.)

Hmmm.. this seems to argue for the last approach - try to send the bounce to
the FROM line at the relay, and failing that, send the bounce instead to

The only reason I don't want to bypass the user ENTIRELY is that if the
spamfilter gets someone who is legitimate (due to their being in the wrong
place, etc) I want there to be a reasonable chance that they'll get notified
by us that their mail was blocked and they need to talk to someone about it
(they may be legitimately trying to reach a customer of ours).