The primary downside initially is that any legitimate server is doing two transactions for every email. This would delay mail slightly and increase queue lengths and CPU usage of every legitimate mail server sending to you. If everybody implemented this it would load mail servers up a bit.

My observation would be that a TCP reject doesn't result in a requeuing of the email. With postix, it would appear that the smtp sending process immediately tries the MX in the chain upto a max of 5 ( but this is configurable ). There is a SYN packet, an RST and then a SYN to the secondary, not IMHO a significant overhead or delay. NB: The first MX must reject the connection not just drop it, otherwise the behaviour you describe does occur.

Again it is a temporary workaround but it might be worthwhile for knowledgable system administrators. Over time the issues of spam still need to be sorted out but that is a longer term project and is both technical and political.

It would seem that all spam solutions are just sticking plasters but a 'defense-in-depth' approach using multiple techniques does seem to be viable for the time being. Glen.