On Wed, 15 Sep 2004, Jim Fenton wrote:
Of course, this assumes that SUBMITTER is being checked. In past
discussions on SUBMITTER, it hasn't been clear (to me) that this would
always be done. Which makes me wonder how much value SUBMITTER has,
since it can then be spoofed to anything that works.
On the other hand, perhaps if the SUBMITTER address is checked against
(just) the From address, and if different the From address is rewritten
to make the SUBMITTER address that was used visible to the recipient, it
might be useful.
I'll remind that I posted a set of ideas to extend SUBMITTER in similar
way - http://www.imc.org/ietf-mxcomp/mail-archive/msg04726.html
I'd like to receive more comments about this as far its only been one
public comment and 4 private ones (but all positive ones!).
Also it would be good if we had an answer from Pete Resnick regarding
interpretation of RFC2822 and how it applies to the the current marid-core
draft and its use of Resent-From headers by different types of
forwarders and by mail lists. Such interpretation would help in deciding
what the next steps should be in regards to the SenderID and Submitter.
---
William Leibzon, Elan Networks:
mailto: william(_at_)elan(_dot_)net
Anti-Spam Research Worksite:
http://www.elan.net/~william/asrg/