ietf-822

Re: draft-lilly-from-optional-01.txt

2005-02-27 19:44:11

On Fri February 25 2005 14:56, SM wrote:

At 07:18 23-02-2005, Bruce Lilly wrote:

The draft addresses two separate cases where the From field is
inappropriate: 1) where the author has no Internet mailbox (this
is not a case of anonymity)

We rarely if ever see a genuine case one in practice.

Many web-based systems provide for sending mail (other than invoking
a client-side mailer via a mailto URI); many neither "know" nor "care"
whether the author has an Internet mailbox -- most will expect an
author to provide one, but cannot authenticate.

My suggestion is to have the mailbox of the Sender in the Sender field.

The draft explicitly permits a Sender field, but notes that it is not
required.

My point is not about server-side authentication.  Message originator
fields can and may be used for authentication.  Quoting RFC 822 section 4.4.2:

   "This field contains the authenticated identity of the AGENT (person,
    system or process) that sends the message."

That means that the originating MUA (or possibly MSA) is expected to
authenticate the content of the field if it is supplied or generated.
It does not mean that a recipient's MUA should make any assumptions
about the content (which may have been forged, or altered in transit).

End-to-end use of the originator and recipient header fields is meant
for user-to-user communication, like the header of written communications.
While I expect (by analogy) a magnifying glass to show the header of
a written letter, I do not expect it to attempt to analyze the content
of the message.  Likewise, while an MUA should display message header
fields, more elaborate processing usually leads to problems, such as
"helpful" UAs that insist on filling electronic address books with
bogus and incorrect address fields.
 
On a different note, you wrote "As such, it improves security for message 
authors who require anonymity." under security considerations.  People 
requiring anonymity are better served by using anonymous remailers instead 
of excluding the From field from their message.

At one time there was such a remailer (somewhere in Finland I think),
but as far as I know it has been shut down quite some time ago, and
I'm not aware of any current ones.  In light of various "Big Brother
is watching you" provisions in various countries, I'm not sure that
any such wide-use system is truly feasible at present.

----
War is Peace
Freedom is Slavery
Ignorance is Strength
  -- Eric Arthur Blair, a.k.a. George Orwell, "1984"

1984 arrived a decade and a half late. We apologize for the convenience
while it lasted.