spf-discuss

Re: Explain please (Was: SPF Stats)

2005-07-06 11:13:42

|If I received snail-mail with your return address on it that
|came from someone other than you, I'd think that you would
|consider that a forgery. Say HP sent me a letter claiming to
|be from you talking about how great their printers were and
|how I should get one right now?

This has been discussed before. We need to take care in our
assumptions when using the words forgery, authorized and
authenticated.

Let me give you three examples, involving the agency
concept, something well recognized in the business world.

In all cases, presume that I am the agent.

First case:

I carry on business as a virtual assistant. One of my
clients has me take care of personal and business
correspondence. The client asks me to confirm a dinner
engagement with his "significant other."

Given the personal nature of the message, I set it up so the
mail envelope shows my domain in the helo command, but
the client's email address in the smtp mail from command.

The from header shows my client's email address and the
sender header shows an email address using my domain.

The email is set up as being signed by my principal, but
written by me.

Second case:

My principal instructs me to send a notice by email on his
behalf to a third party terminating a contract. The email
notice will show it is signed by the principal. The
principal provides me with an email address at his domain to
utilize to receive any denial of service notice.

I send the message so that in the mail envelope the helo
command shows the message is coming from my domain, but the
smtp mail from designates the principal's email address.

In the message header the from header shows the principal's
email address and the sender header shows my email address.

Third case:

I run a mailing list. The mailing list concerns wine. All
persons on the list have granted express consent to receive
third party advertisements about wine and wine making. The
money realized from the sale of advertising is used to
defray the costs of running the list and pay for an annual
wine drinking party for list members.

I am retained as agent to send an advertisement to the list
concerning a new California chardonnay wine.

Here, the helo command in the mail envelope shows the
message is coming from my domain and I use an email address
with my domain in the smtp mail from command to receive any
denial of service notices.

The sender header uses an email address with my domain that
is allocated to that advertiser. The from header shows the
message is coming from me on behalf of the advertiser.

The advertiser provides the subject line and message body.
There is no reference to me as list administrator anywhere
in the message. The advertiser's mailing address is used in
the message as the sender. The email includes a functioning
unsubscribe link.

My point? We must take care about what we assume and the
labels we assign, given the many different ways people can
carry out legitimate email communications, be they personal,
transactional, or commercial.

John
 
John Glube
Toronto, Canada
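
The three envelope and header layouts described in the message above, as an added example that is not part of the original post: it parses constructed messages and reports which domain a receiver's SPF check would query and which identities fall outside the agent's own domain. The domains `agent.example` and `client.example`, the sample addresses and the function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

AGENT = "agent.example"  # assumption: domain of the agent's sending host

# Constructed samples: (HELO name, MAIL FROM, headers) for the three cases.
# The third case's From address at the agent's domain is an assumed reading.
CASES = {
    "first": ("mail.agent.example", "client@client.example",
              "From: client@client.example\nSender: assistant@agent.example\n\n"),
    "second": ("mail.agent.example", "notices@client.example",
               "From: principal@client.example\nSender: agent@agent.example\n\n"),
    "third": ("mail.agent.example", "bounces@agent.example",
              "From: Wine List for Advertiser <list@agent.example>\n"
              "Sender: advertiser1@agent.example\n\n"),
}

def domain_of(addr):
    """Lower-cased domain of an address; '' for a null or malformed one."""
    _, at, dom = parseaddr(addr)[1].rpartition("@")
    return dom.lower() if at else ""

def same_org(domain, org):
    """True if domain is org itself or a subdomain of it."""
    return domain == org or domain.endswith("." + org)

def spf_view(helo, mail_from, raw_headers, agent=AGENT):
    """Report which domain SPF queries and which identities are not the agent's."""
    msg = message_from_string(raw_headers)
    ids = {
        "helo": helo.lower(),
        "mail_from": domain_of(mail_from),
        "from": domain_of(msg.get("From", "")),
        "sender": domain_of(msg.get("Sender", "")),
    }
    # SPF checks the MAIL FROM domain; with a null MAIL FROM it uses HELO.
    checked = ids["mail_from"] or ids["helo"]
    return {
        "spf_domain": checked,
        "needs_other_domains_record": not same_org(checked, agent),
        "foreign": sorted(k for k, d in ids.items() if d and not same_org(d, agent)),
    }

if __name__ == "__main__":
    for name, case in CASES.items():
        print(name, spf_view(*case))
```

In the first two layouts the check queries the principal's domain, so it passes only if that domain's SPF record authorizes the agent's sending host; in the third it queries the agent's own domain.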


