On Wed, 14 Jan 2004 16:30:02 EST, Hector Santos
Return-path is intended for (non)delivery notification, not for sender
verification. It is not reasonable to take return-path as an indicator
of sender identity.
Why not? I believe the presumption is made in RFC 1123 and in RFC 2821 that
DNS and error reporting is to be returned to a "existing" return path.
Otherwise what is the point of using a Return-Path: header?
*exactly*. Return-Path (which is derived from the 2821 MAIL FROM) says
*where to send the bounces*. As such, it tells you almost nothing about who
actually *sent* it - consider that the mail I'm replying to would be considered
as being "sent" by either Hector Santos, or the ietf-smtp mailing list,
on your religion. owner-ietf-smtp is where bounces go, not who the sender is.
I have a home-grown "probe for dead list owners" script for our Listserv system.
It sends mail with an RFC2822 From: of
'postmaster(_at_)listserv(_dot_)vt(_dot_)edu', but the
2821 MAIL FROM: has 'dead-owners(_at_)listserv(_dot_)vt(_dot_)edu', which, not
feeds into a Perl program that does the first-pass parsing of bounces for me.
Did dead-owners send the mail? No, it's just catching the bounces.
Description: PGP signature