At 11:20 PM -0500 3/16/06, Martin Hannigan wrote:
On 3/16/06, Bill Cole
<<mailto:asrg2(_at_)billmail(_dot_)scconsult(_dot_)com>asrg2(_at_)billmail(_dot_)scconsult(_dot_)com>
wrote:
At 8:41 AM -0800 3/16/06,
<mailto:ajv-oarybolive(_at_)vsta(_dot_)org>ajv-oarybolive(_at_)vsta(_dot_)org wrote:
---------------
Hi,
I just attempted to put in a work request for my Sirius radio subscription,
via their web site. Whaddya know, I got an E-mail bounce back from them.
Turns out that Sirius uses <http://electric.net>electric.net behind
the scenes, and your web
submission turns into an E-mail submission with a From: which is filled in
to look like a request from your own E-mail address.
A bad practice. One that is extremely common, but which has always
been lazy and unwise, even before SPF and even before spam was a
significant problem.
Which RFC does it violate though?
I can't fathom why anyone would think that is a useful question. It
is a practice that leads inevitably to bad outcomes. Whether an RFC
prohibits an operationally unwise practice is a trivial issue. RFC's
don't define the boundaries of good or wise behavior.
Less trivially, such a system opens the operator to abuse by unknown
third parties that could put them in arguable violation of various
email forgery laws including CAN-SPAM. Violating an RFC is something
many of us do every day without any negative consequences, but
violating laws is something one should take real care about.
I think it's a fair use case.
It causes the mishandling of any transport failures by design.
Calling it a "fair use" is meaningless. As a matter of principle,
generating a piece of email and transporting it via SMTP with an
envelope sender address whose owner is not explicitly made aware of
that use is ethically wrong, but even if that use is disclosed there
are problems with user error and intentional abuse that cause bad
outcomes with systems like the one described.
--
Bill Cole
bill(_at_)scconsult(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg