On Fri, May 11, 2007, Alexey Melnikov
<alexey(_dot_)melnikov(_at_)isode(_dot_)com> said:
2). Cullen Jennings:
>I see a serious problem with allowing redirection to more than
>one user.
>This allows a very high speed server in the center of the network
>to perform a application of already large traffic. When filtering
>happens on an end user email client it is no worse than what the
>client could do by just sending new email. This is worse. It is also
>different than mailing lists which hopefully have a consent mechanism.
>I am proposing fixing this by saying that the limit on number of
>redirects SHOULD be one and the times to ignore this SHOULD are text
>environments and such.
I've sent Cullen a reply saying that there are several implementations
that allow for multiple redirects.
However the document should have a security consideration on this issue,
if it doesn't already.
I like being able to place multiple redirects, and am using that
functionality myself to implement a blind reflector address. I thought the
only major concern was preventing a mail loop.
Hadn't .forward files allowed multiple redirects since just about forever?
Aaron