Re: Typical Geek Whingeing...
On the off chance that you might be right, I ran a series of tests against my own Google Apps domain, egeek.ca. Here are the results.
Attempting to sent to an address that doesn't exist from a Telus-based e-mail account provided me this bounce message:
Reporting-MTA: dns; cmta4.telus.net [188.8.131.52]
Received-From-MTA: dns; Impella [184.108.40.206]
Arrival-Date: Wed, 04 Jun 2014 18:10:33 -0600
Final-recipient: rfc822; email@example.com
Diagnostic-Code: smtp; 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 v7si6012708qad.84 - gsmtp
Last-attempt-Date: Wed, 04 Jun 2014 18:10:33 -0600
Similarly, attempting to send from a legitimate eGeek.ca account to an Astlor.ca (which runs on sendmail) account that doesn't exist let the NDR through to my eGeek account. It didn't get caught up in spam or trash; Gmail sent it straight through to my Inbox. Here is that e-mail:
Delivery to the following recipient failed permanently:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain astlor.ca by astlor.ca. [220.127.116.11].
The error that the other server returned was:
550 5.1.1 <Bob@astlor.ca>... User unknown
----- Original message -----
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
X-Received: by 10.50.13.4 with SMTP id d4mr13139985igc.11.1401927652048;
Wed, 04 Jun 2014 17:20:52 -0700 (PDT)
Received: from Impella ([18.104.22.168])
by mx.google.com with ESMTPSA id q2sm400463ign.2.2014.06.04.17.20.51
(version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Wed, 04 Jun 2014 17:20:51 -0700 (PDT)
From: Trevor Pott <firstname.lastname@example.org>
X-Google-Original-From: "Trevor Pott" <Trevor.P@egeek.ca>
Date: Wed, 4 Jun 2014 18:20:44 -0600
X-Mailer: Microsoft Outlook 14.0
I also tried a series of additional tests (mailbox full and so forth) and found that Gmail allows all standard SMTP NDRs that I can think of to reach the Inbox and returns most of them.
Now, IIRC, this wasn't always the case; quite some time ago they had disabled NDRs for a while in order to cope with backscatter - quite frankly, backscatter is a huge problem for a lot of MTAs - but they seem to have gotten around the backscatter issue through a combination of blacklisting known bad senders (thus not sending them NDRs) and greylisting.
Interestingly enough, this is exactly what I am trying to achieve with the chained X-SPAM-STATUS filters: reduce backscatter. I need something that will do proper LDAP lookups against active directory and thus not accept mail for users that don't exist. That said, I also need something that wil both blacklist the known baddies (and not NDR them) as well as greylist new users so that known badguys can't just probe the directory.
E-mail isn't simple, and it's getting harder. It's a heck of a lot more complicated today than it was even two years ago, and it's nightmarishly fiendish compared to a decade ago.
Google does it well. Better, quite frankly, than anyone else I've seen. It seems we will remain starkly divergent in our opinions on this topic.
Also: just FYI, Peter had raised the issue to me before you did. I simply didn't check my e-mail until late Sunday afternoon because I was enjoying a wonderful blissful day of sleeping in, followed by spending time with my wife.