Jon Kyme wrote:
Y.S. wrote:
The MAIL FROM parameter does not tell us where the mail is from,
only the bounce address for that email. The assumption is that
whoever is the bounce address is, is probably the sender,
but in many cases especially mailing lists, that is not true.
As a matter of fact in some protocols such as SMTP AUTH,
the sender's identity is passed in an SMTP extension separate
from the bounce address.
Or the other way up:
The assumption is that the address given as the sender in the MAIL FROM is
useful as the bounce address.
The MAIL FROM argument is *used* for bounces, but it's use in LMAP
doesn't seem to be contrary to its purpose of specifying the
"sender" mailbox:
Please understand that I am not against using the envelope from, but the
fact that its meant for something else needs to be stated. If my consent
is required in order to use my address as a bounce address, that's a
useful addition for the mail system. But if we want to do that, AND pass
authentication information on the original sender, that's two different
purposes.
In my understanding the RFC appears to be ambigious since it does state
that the sender's address is only used for error reporting. My
understanding of the RFC that its only meant for error reporting is
based on a conversation with Pete Resnick who edited it.
Additionally, the analogy on which its based is the real world postal
system where the sender's address on the envelope indicates the return
address but not necessarily the person that send it.
Also, RFC 2554 defines an additional parameter in MAIL FROM:
"5. The AUTH parameter to the MAIL FROM command
AUTH=addr-spec
Arguments:
An addr-spec containing the identity which submitted the message
to the delivery system, or the two character sequence "<>"
indicating such an identity is unknown or insufficiently
authenticated.
"
Apparently the MAIL FROM command was not sufficient for this purpose
since it indicates the bounce address. This parameter was added in order
to pass authentication information.
Yakov
P.S. The description from RFC 2554 eerily reminds me of some of the text
describing LMAP.