On Feb 5, 2004, at 2:56 PM, Za'mbori, Zolta'n wrote:
Brett Watson wrote:
Scenario: party A sends mail to party B at the request of party C.
Example: Chris wants publisher Aardvarks.example.com to mail an
article to Bob. The subsequent mail transaction has
Aardvarks.example.com as the SMTP-sender, and Bob's mail server as
the SMTP-receiver. "MAIL From:" is given as a bounce-handling address
at Aardvarks.example.com (possibly utilising VERP), which allows an
LMAP-like system to bless the use of the given address. This would
not be possible if Chris' address were used at this point. "RCPT To:"
is given as Bob's address. In the message itself, "Sender:" is an
appropriate Aardvarks.example.com address, "From:" is Chris' address,
and "To:" is Bob's address. If the message is refused for any reason,
the bounce-handler at Aardvarks.example.com is in a position to
notify Chris of this failure via email.
IMHO there are no 100% solution to this situation. (Other than the
copy-paste "solution".)
If Aardvarks.example.com will be the MAIL FROM than MTA doing
white-list filtering at the SMTP level will refuse this email even the
white-list contains the email address of Bob.
Whitelisting based on the MAIL FROM: is faulty at best - the
forgability of that information is why this discussion is occuring at
all. In this situation, Aardvarks has no business or compelling
interesting in putting Bob's address in the MAIL FROM:. Bob is not the
agent sending the mail, Aardvarks is. Compelling reasons for Aardvarks
to use their own address as the MAIL FROM: include:
a) they actually sent it
b) if Bill lied (intentionally or otherwise) about being Bob, now
Aardvarks will be the one contacted, and they can correct their
behavior.
c) Aardvarks stays in the loop of how their resources are being used.
// George Schlossnagle
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on earth
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg