Re:Forget about them (Score 1)

No, if you reject during the SMTP session, you don't send an NDR at all, you send a 5xx SMTP response code. (It doesn't matter if the reason for rejecting is SPF-related or not). It is then up to the sending server to inform the sender with an NDR, and the sending server should only be sending on behalf of authorized/authenticated users, or be a permitted relay for such a server.

Anything detected as junk after the SMTP session is over should be marked as junk in some way so it can be stored in a junk folder. If an NDR is written then, it could be sending backscatter. If it's simply discarded, neither the sender or receiver will know when false positives are occurring.