ietf-asrg

Re: [Asrg] C/R Interworking Framework

2003-06-05 08:02:24
At 09:06 AM 6/5/2003 -0400, Dave Aronson wrote:

"Peter Kay" <peter(_at_)titankey(_dot_)com> wrote:

 > 2. The recipient does not have me on their whitelist, so they send a
 > challenge. But because their "FROM" address in the MAIL command is
 > NOT the sender's address, TTK doesn't have that address on its
 > whitelist so it sends a challenge to the challenge.
 >
 > End result is that the TTK user never sees the recipient's challenge
 > and the recipient never gets the email. So what ends up happening is
 > the recipient has to go through their quarantine folder and pull out
 > the email. The TTK user never gets the email because the challenge
 > was killed in the MAIL command.
 >
 > So, to me, C/R systems need to at least use their end-user's email
 > address on the MAIL FROM address in the mail command.

Using a Reply-To could throw a bit of a monkey-wrench into this.  Perhaps
the protocol should specify sending to the Reply-To (if present), and if
that verifies, then consider the From verified as well.

Also, many people have Lots And Lots of addresses.  I can think of three
addies offhand of mine that lots of people get email from, not counting
the temporaries, and sometimes I forget to switch addies when sending to
certain people.  Perhaps the protocol could also say, "I might also send
you email later under the following addresses", and whitelist them too,
possibly with the whole C/R process repeated for each.

Something tells me there are problems with these ideas, but there's too
much blood in my coffee stream to figure them out at the moment.  |-)

Careful perusal of the relevant RFCs shows that there are differences between these fields. Section 3.6.2 of RFC 2822 distinguishes between various "sender" fields:

o "The "From:" field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message."
o "The "Sender:" field specifies the mailbox of the agent responsible for the actual transmission of the message."
o "When the "Reply-To:" field is present, it indicates the mailbox(es) to which the author of the message suggests that replies be sent."

The "FROM" field is the one that will get C/R checked, since that is the mailbox that sent the email. Additionally, the "MAIL FROM" address that is used in SMTP is not intended for this purpose; rather, it indicates a mailbox to which errors should be sent. It is perfectly legal and sometimes even recommended in RFC 2821 to use <> for the MAIL FROM.

Yakov

---------------------------------------------------------------------------------------------------
Yakov Shafranovich / <research(_at_)solidmatrix(_dot_)com>
SolidMatrix Research, a division of SolidMatrix Technologies, Inc.
---------------------------------------------------------------------------------------------------
"One who watches the wind will never sow, and one who keeps his eyes on
the clouds will never reap" (Ecclesiastes 11:4)
---------------------------------------------------------------------------------------------------
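
As an added example (not part of the original message, and not code from any C/R product mentioned in the thread), the following Python separates the SMTP envelope MAIL FROM from the RFC 2822 From:, Sender: and Reply-To: fields and shows how a filter keyed on the envelope challenges an incoming challenge while one keyed on From: delivers it. The function names, the `.example` addresses, the whitelist contents and the "hold" outcome for a null reverse-path are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def sender_identities(mail_from, raw_message):
    """Split out the envelope reverse-path and the RFC 2822 originator fields."""
    msg = message_from_string(raw_message)

    def addrs(field):
        return [a.lower() for _, a in getaddresses(msg.get_all(field, [])) if a]

    return {
        "envelope": mail_from.strip().strip("<>").lower(),  # "" for MAIL FROM:<>
        "from": addrs("From"),
        "sender": addrs("Sender"),
        "reply_to": addrs("Reply-To"),
    }


def cr_decision(mail_from, raw_message, whitelist, key="from"):
    """Hypothetical C/R check: return (action, challenge_target)."""
    ids = sender_identities(mail_from, raw_message)
    checked = ids["from"] if key == "from" else [ids["envelope"]]
    if any(a in whitelist for a in checked if a):
        return ("deliver", None)
    if key == "from":
        # Suggestion from the thread: challenge Reply-To if present, else From:.
        targets = ids["reply_to"] or ids["from"]
    else:
        targets = [ids["envelope"]]
    target = targets[0] if targets and targets[0] else None
    # With MAIL FROM:<> an envelope-keyed filter has no address to challenge.
    return ("challenge", target) if target else ("hold", None)


# Constructed sample: a challenge whose envelope sender (the C/R daemon)
# differs from the end user's address in From:.
CHALLENGE = (
    "From: Bob <bob@cr.example>\r\n"
    "Sender: cr-daemon@cr.example\r\n"
    "Subject: Please confirm your message\r\n"
    "\r\n"
)
ALICE_WHITELIST = {"bob@cr.example"}  # assumed: Alice had written to Bob

if __name__ == "__main__":
    for mf, key in (("<cr-daemon@cr.example>", "envelope"),
                    ("<cr-daemon@cr.example>", "from"), ("<>", "envelope")):
        print(mf, key, cr_decision(mf, CHALLENGE, ALICE_WHITELIST, key))
```
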