ietf-asrg

Re: [Asrg] Per domain blacklists

2003-03-18 08:47:09
In my way of thinking we shouldn't be checking the from header using the 
blacklist records.  We should be checking the envelope from and making sure 
that the client displays "'envelope from' on behalf of 'from'" to their 
users. (I think this is already the behavior of Outlook.)

That makes it hard to exploit the system for silent forging but easy to use 
with mailing lists. 

On Tuesday 18 March 2003 01:41 am, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
> On Tue, 18 Mar 2003 01:08:30 CST, David Walker <antispam(_at_)grax(_dot_)com> said:
> > 4.  The check on the "from" header should be optional and/or non-fatal
> > and a "from" header that differs from the "mail from" envelope sender
> > should be noted and visible to the user.
>
> Note well - this "check" will trip for *EVERY SINGLE* posting from a
> properly configured mailing list (as the From: will be either the list or
> the person who posted to the list, but 'mail from' will point at the
> bounce-collection address like it's supposed to)
>
> For that matter, this message left my laptop with mismatched From:
> and MAIL FROM.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
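
The policy discussed in this message, sketched as an added example that is not code from the thread or its participants: the per-domain check is applied only to the envelope sender, and a differing From: header is shown to the user rather than rejected. The `ALLOWED_CLIENTS` table, the `evaluate` function, the record semantics and all addresses are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed stand-in for per-domain records: domain -> client IPs allowed to
# use that domain in MAIL FROM. The thread does not give the record format.
ALLOWED_CLIENTS = {
    "lists.example.org": {"192.0.2.10"},
    "example.com": {"192.0.2.25"},
}

# Constructed sample: a list posting whose author differs from the bounce address.
LIST_POST = "From: Alice <alice@example.com>\nSubject: hello\n\nbody\n"


def evaluate(client_ip, mail_from, raw_message):
    """Return (accepted, display): policy on MAIL FROM only, From: for display."""
    envelope = mail_from.strip().strip("<>").lower()
    if envelope:
        domain = envelope.rpartition("@")[2]
        allowed = ALLOWED_CLIENTS.get(domain)
        # Assumption: a domain that publishes no records is not restricted.
        accepted = allowed is None or client_ip in allowed
    else:
        # Null reverse-path (bounce messages): no domain to look up.
        accepted = True

    msg = message_from_string(raw_message)
    authors = [a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a]
    header_from = ", ".join(authors) or "(no From: header)"

    # A mismatch is never fatal; it only changes what the user is shown.
    if envelope and envelope not in authors:
        display = f"{envelope} on behalf of {header_from}"
    else:
        display = header_from
    return accepted, display


if __name__ == "__main__":
    # Mailing list relay: mismatch is displayed, message is accepted.
    print(evaluate("192.0.2.10", "<asrg-bounces@lists.example.org>", LIST_POST))
    # Unlisted client using example.com in MAIL FROM: rejected on the envelope.
    print(evaluate("203.0.113.5", "<alice@example.com>", LIST_POST))
```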