You make assumptions that weren't in the original posts.
On Wed, Feb 04, 2004 at 11:17:31AM -0500, David Maxwell wrote:
The difference is that the web-based email is not claiming that the mail
is _from_ an identity/entity which it has no claim to. It says 'From:
abc(_at_)hotmail(_dot_)com'
Assuming that I'm using a web-based email system that ties me
inextricably to their email address. I happen to access my email via a
web-system when travelling, where normally I access it through an MUA on
my machine - in this case, and in the case where I ask a third party to
send an invite or an article in my name, the software sitting on the
web-server is acting as an MUA. I do not see where the distinction
between 'normal' and web-based MUA lies that makes email originating
from one spam, and not the other.
The site offering 'send a friend this link' allows you to type in any
From address, and forges a message from you.
You say 'forges', but isn't this exactly what any MUA does? I can
configure 'mutt' to send email from you - this doesn't mean that
legitimate mail I send from 'mutt' is also by definition spam.
Since there is no technical way for the recipient to verify that you
authorized that message, there is no technical difference between it,
and simple forged spam.
Where does this assumption come from? Many online content providers
these days require you to log in.
Either the web site should produce an email that's easy for the end-user
to send, or the source address should belong to the source of the email
- the website.
I believe this conclusion is based on flawed logic.
+Pete
--
No man but a blockhead ever wrote, except for money.
-- Samuel Johnson
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg