On Mon, 28 Feb 2005, Charles Lindsey wrote:
There are four solutions that have been proposed:
1. Omit the From field entirely
2. Use some invalid domain, e.g. @blah.invalid.
3. Use some invalid IP, e.g. @[] or @[0,0,0,0]
4. Introduce some new syntax, e.g. From: "Mickey Mouse" <>
5. Don't make any change because pseudonymity is enough.
You're talking about a different problem. It's one thing to say
"this message doesn't have a known sender, or the sender doesn't
correspond to any email address", and something else to say
"the sender of this message doesn't want to reveal his identity".
We've been discussing how to solve the first of these problems.
For the first problem, you don't want to reply to the message because
the reply will go nowhere. You want either no address or some kind of
address that the mail system will quickly realize is invalid. And
you would like to have some convention for these addresses so that
they can be identified as early as possible, ideally by the recipient's
MUA so that it can say "sorry, you can't reply to this address".
For pseydonymity, replies are often quite useful - you just need to
arrange for the messages to get sent by a path that makes them difficult
to trace. You want a valid address that the mail system will treat
normally, but which will get routed via a mechanism that makes it
difficult to associate the pseudonym with the actual correspondent.
Some systems reject messages that have no valid originator address in
the message header, so if there is no From: there would have to be a
Sender:
That, and because the specifications require it. But the Sender address
doesn't have to be that of a person, and it doesn't have to be useful
for replies. It's just a tag that can be associated with whoever or
whatever sent the message.
Some systems reject messages that have no valid originator address in the
message header, so if there is no From: there would have to be a Sender:
In addition to that, this kind of checking would also cause them to reject
foo(_at_)blah(_dot_)invalid From: addresses, or those using bogon IP
addresses in
domain literals.
Filters employ lots of bogus criteria. Even messages that claim to not have
a usable From address can still be valid. They can even be authenticated.
Keith