I'm developing a custom server for handling incoming emails and I'm trying to figure out the best approach for running checks during the SMTP DATA phase. I have two options:
Option A is to run all the necessary checks—like virus scans, DKIM, and DMARC—before sending a 250 OK response to the sender. If any checks fail, I'd reject the message with a 5xx status.
On the other hand, Option B involves sending the 250 OK immediately after the DATA command and running the checks asynchronously afterward. In this case, I'd have to bounce or quarantine the email if it fails any checks later on.
I'm concerned that Option A results in slower responses, while Option B might create backscatter issues if emails are bounced after acceptance. For a modern mail handling server, which method is recommended? How do larger systems usually address this balance?
3 Answers
In my experience at a SaaS company with high email traffic, we lean towards Option A. We perform the virus scan on incoming emails but set a size limit to speed things up. For messages over a certain size, we do the additional scanning asynchronously after we accept the email. Yes, it does slow down the response time, but it's manageable if you scale the infrastructure accordingly.
According to the RFC guidelines, I would suggest performing spam and IP checks before returning a 250 OK. DKIM checks would ideally happen after the MAIL FROM, and virus scans should be conducted once you receive the complete message data.
This is a good topic to explore further! I'd advise sharing this question on the Mailop.org list, as they often discuss nuanced email handling strategies there.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures