spf-discuss

Re: New ideas for RFC2822 headers checking with SPF

2004-10-22 17:09:49
Seth Goodman wrote:

In fact if someone is offering me a message, why should I
exclude myself from scrutinizing anything in that message
before deciding to accept it?

You are of course free to do with your mail whatever you like.
It's less simple if you are processing mail for 3rd parties
(= your users), because then you can't do whatever you want
without prior consent.  Hector often cited some of the legal
aspects here.  E.g. GMail might be illegal where I live, and
maybe also in California.

There are serious discussions in German net-abuse groups about
adding the word ***Spam*** to the subject.  Some experts think
that this might be illegal.  Fortunately my provider ignored
these discussions and does it anyway.

the world is moving in the direction of requiring at
least the 2821 and 2822 domains to be the same.  Eventually,
it may get more strict.

Some years ago the world was apparently moving in the direction
of using PGP or S/MIME everywhere.  Let's see what happens.

This implies to me that it SHOULD be the sender.  That
doesn't say we have to enforce it, but it also doesn't say
that we _can't_ enforce it, especially if the sender agrees.

The most simple approach would be, that those who "want" a
Sender header for whatever reasons (incl. PRA and "eh") simply
take the Return-Path if necessary.  But we had this discussion
already, it's IMO the technical reason why Sender-ID and MARID
failed.  With a Return-Path default Sender-ID could work.

what are the real benefits of continuing to allow the two
addresses to be from different domains?

The same reason why you always use the same postal address in
your snail mails no matter where you "submit" them.

Let's explore this further, please.

No further ideas, maybe news2mail gateways:  If you post an
article somewhere using your normal From address, and if the
newsgroup is exported to a mailing list somewhere else, then
the mail has your From-address, and a MAIL FROM gateway.  In
that case it depends on the gateway, maybe it adds the same
address as Sender: gateway hiding your Sender (if any) as an
X-Original-Sender (or similar), or it uses Errors-To like a
SYMPA mailing list keeping your From / Sender as is.

AFAIK gmane does "the right thing" from your POV, please check
it in the header of this mail.  I add a dummy Sender: matching
my From: to make it more interesting for gmane and listbox ;-)

If you don't see any "Test for Seth" in the headers this test
failed miserably, and either Gmane or Listbox deleted my Sender.

What I meant to say was the fact that the sender asserted
2821=2822 equivalence and the message passed that test.  This
would have to be communicated in the SPF header

Yes.  It's possible to split the work in other ways between MTA
and MUA, e.g. the MUA could check the equivalence, and the MTA
only tests 2821 (adding an "eh" info for the MUA).

pobox.com users have per user policies, that's as good as a
real domain for SPF.  So maybe Meng sees another good reason
to support William's idea.

I don't think it's fair to criticize Meng for that.

Oops, where do you see a criticism here?  It's a GOOD feature
to offer per-user policies.  And with per-user policies you can
solve many odd cases to get the same sender policy working with
both 2821 and 2822 tests.
                            Bye, Frank
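
The two positions in the message above, as an added example that is not part of the original post: a strict test that requires the 2822 From: domain to equal the 2821 MAIL FROM domain, next to a test on Sender: that falls back to the Return-Path when no Sender: is present. The function names, the example.* addresses and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain(header_value):
    """Lower-cased domain of the first address in a header value, or None."""
    if not header_value:
        return None
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return None          # covers the null reverse-path "<>"
    return addr.rpartition("@")[2].lower()

def check(raw, mail_from):
    """Compare the 2821 MAIL FROM domain with the 2822 identities.

    Returns (strict, sender_default):
      strict         - From: domain equals the MAIL FROM domain
      sender_default - Sender: domain equals it; a missing Sender:
                       defaults to the MAIL FROM (Return-Path) address
    A null MAIL FROM has no domain to compare, so both are None.
    """
    env = domain(mail_from)
    if env is None:
        return None, None
    msg = message_from_string(raw)
    strict = domain(msg["From"]) == env
    sender = msg["Sender"] or mail_from
    return strict, domain(sender) == env

# Constructed sample messages (all addresses are placeholders).
DIRECT = "From: alice@example.org\nSubject: hi\n\nbody\n"
# news2mail gateway that rewrites Sender: and keeps the original one aside
GATEWAY_SENDER = ("From: alice@example.org\n"
                  "Sender: gateway@lists.example.net\n"
                  "X-Original-Sender: alice@example.org\n"
                  "Subject: hi\n\nbody\n")
# list that only adds Errors-To and leaves From / Sender as is
GATEWAY_ERRORS_TO = ("From: alice@example.org\n"
                     "Errors-To: bounce@lists.example.net\n"
                     "Subject: hi\n\nbody\n")
# Sender: present but from a different domain than MAIL FROM
MISMATCH = ("From: alice@example.org\nSender: bob@example.com\n"
            "Subject: hi\n\nbody\n")

if __name__ == "__main__":
    print(check(DIRECT, "alice@example.org"))
    print(check(GATEWAY_SENDER, "gateway@lists.example.net"))
    print(check(GATEWAY_ERRORS_TO, "bounce@lists.example.net"))
    print(check(MISMATCH, "alice@example.org"))
```

Both gateway samples fail the strict From: test and pass the Sender test, which is the case the news2mail paragraph describes.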