I already have enough trouble with over-paranoid mail system admins.
so do I. which is why I don't want mail being filtered just because
I happen to send mail from a dialup account (or my palm pilot)
with my normal return address.
Which is why I decided to go with a challenge/response instead of
hostnames. Didn't we already cover this once?
the mail standards specifically allow the sender to alter the From address,
I'll accept that; even the draft points out that controlling From
probably isn't feasible, regardless of desirability.
and you really want return-path / MAIL FROM to point to the place where
the sender will get the nondelivery reports resulting from mail that he
sends. (list mail excepted)
This, I think, is inappropriate. If you want a header for indicating
where non-delivery reports should go, add one; that also gives you the
ability to have errors go to more than one place (whether that's desirable
or not is a separate question). CS researchers 25 years ago may have had
no problems with sending each other joke mails with fake addresses, but
that's not a reasonable attitude to take today. There needs to be _some_
way to determine the real sender of a message, at least to domain level if
not farther, and I think it's pretty obvious that Received headers aren't
doing the trick. I don't claim that my suggestion is a panacea either, but
I do think it's a good start.
--Andrew Church
achurch(_at_)achurch(_dot_)org
http://achurch.org/