On Feb 4, 4:18pm, Steve Atkins wrote:
}
} There's a subtle implication, which is that if you're stashing the
} ARF consumer address in a header, and your MX isn't overwriting (or
} stripping) that header, then it's possible that spam reports could
} be sent to the preferred reporting address of someone further up
} the delivery chain. I see this as an advantage, but it needs to be
} mentioned.
This is exactly the point I was making, over at the head of another
sub-thread. If a reporting address can come in from somewhere up the
chain, then it can come in *forged*, and whatever software is going
to interpret the address needs a defense against that.
Numerous proposals for dealing with this (and arguments about why it
isn't necessary, or in Rich's case, why it's irrelevant) have already
been bandied about.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg