Meng,
MWW> | Could you provide us with en example of what you view as legitimate
MWW> | spoofing of RFC2821 MAIL FROM and RFC2822 header From:?
MWW> Legitimate spoofing of RFC2821 MAIL FROM:
Dictionary.com:
tr.v. spoofed, spoof·ing, spoofs
1. To deceive.
"legitimate spoofing" is an oxymoron.
MWW> - web-generated email (I log in to eBay and send mail using eBay's web
MWW> UI to another eBay member; I want to see bounces.)
That's not spoofing. It is entirely fine for you to do it and you are
not deceiving anyone. And it is, in fact, common practise, as has been
cited quite a few times. So, it ain't spoofing.
MWW> - verbatim forwarding (a(_at_)a(_dot_)com sends mail to b(_at_)b(_dot_)com
which forwards to
MWW> c(_at_)c(_dot_)com; if c(_at_)c(_dot_)com is undeliverable,
a(_at_)a(_dot_)com should get the bounce.)
this is not spoofing.
MWW> Legitimate spoofing of RFC2822 header From:
MWW> - My mother comes to me and asks me to email my father with a note
MWW> to buy milk and eggs on his way home. I send mail using a mail client
MWW> that lets me edit the From: header field so I change it to her
MWW> email address; I put my email address in the Sender: header.
In other words, she is the author. So, again, this is not spoofing.
MWW> | Do you believe that the pursuit of points 1 and 3 should override the
MWW> | preservation of these legitimate spoofs?
MWW> Yes; legitimate spoofing is by definition very hard to distinguish from
MWW> illegitmate spoofing.
Not if it isn't spoofing. It involves no deception.
You are describing entirely valid, legal, practical and used scenarios.
MWW> I want to be able to send mail to my dad on behalf of my mother.
Or, rather, your mother wants to send mail, through your account.
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>