ietf-822

Re: MLM subaddress requirement

1997-08-06 13:23:57
Have I made this clear? YOU CANNOT REQUIRE OR EVEN SUGGEST THAT AN MLM
DO ANYTHING WITH SUBADDRESSING UNLESS IT IS EITHER A 'MUST' STANDARD OR
YOU HAVE A WAY OF TELLING ON THE FLY IF THE REMOTE SITE SUPPORTS IT.

I strongly disagree.

It's not reasonable to use *any* return-path or header that's visible,
as a password to access sensitive information.  

(One could even imagine the security considerations section of an
RFC saying you MUST NOT use a Return-Path or From header as an
authentication mechanism.)

But if the list is potentially available to anyone just for signing
up, comparing the return-path isn't really an authentication mechanism
-- it's just a crude heuristic to filter out bogons. 

There's nothing wrong with refining that heuristic to allow posting
from xxx@yyy.zzz if the subscriber address is 
xxx+foo@yyy.zzz.

Keith
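
Added example, not part of the message above or of any list manager's code: a sketch of the refined heuristic, comparing the return-path to subscriber addresses with the subaddress detail ignored. It assumes "+" is the separator, generalizes the match to either side carrying a detail, and reports a filter verdict only, since a visible return-path can be set by anyone; all function names and sample addresses are constructed.

```python
# Subaddress-tolerant sender filter for a mailing list manager (MLM).
# Assumption: "+" separates the mailbox name from the subaddress detail.
SEPARATOR = "+"

# Constructed sample data, using the placeholder addresses from the message.
SAMPLE_SUBSCRIBERS = ["xxx+foo@yyy.zzz", "alice@Example.ORG"]

def split_address(addr):
    """Return (local_part, domain) with the domain lowercased, or None if malformed."""
    addr = addr.strip().strip("<>")
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        return None
    # Domains compare case-insensitively; local parts are left untouched.
    return local, domain.lower()

def base_mailbox(addr):
    """Drop the subaddress detail: xxx+foo@yyy.zzz -> ('xxx', 'yyy.zzz')."""
    parts = split_address(addr)
    if parts is None:
        return None
    local, domain = parts
    name, _sep, _detail = local.partition(SEPARATOR)
    if not name:  # "+foo@..." has no mailbox name, so keep the whole local part
        name = local
    return name, domain

def classify_post(return_path, subscribers):
    """Heuristic filter, not authentication.

    Returns 'accept', 'accept-subaddress' or 'hold' (for moderation).
    """
    sender = split_address(return_path)
    if sender is None:
        return "hold"  # malformed, or the empty return-path <> used by bounces
    if sender in {split_address(s) for s in subscribers}:
        return "accept"
    if base_mailbox(return_path) in {base_mailbox(s) for s in subscribers}:
        return "accept-subaddress"
    return "hold"

if __name__ == "__main__":
    for rp in ["xxx+foo@yyy.zzz", "<xxx@YYY.ZZZ>", "mallory@yyy.zzz", "<>"]:
        print(rp, "->", classify_post(rp, SAMPLE_SUBSCRIBERS))
```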



