[Top] [All Lists]

mailing list RFCs?

2007-07-04 17:29:28
Has anyone looked at any of the following RFCs? My only concern is the amount of spoofing that occurs with the current mailing lists process. Some may say this is a "legitimate spoof".

This one expires July 2007.

To Quote:

   Some mailing lists alter the message header, while others do not. A
number of standardized list-related header fields have been defined,
and many lists add these headers. Separate from these standardized
list-specific header fields, and despite a history of
interoperability problems from doing so, some lists alter or add
header fields in an attempt to control where replies are sent. Such
lists typically add or replace the "Reply-To" field and some add or
replace the "Sender" field. Poorly-behaved lists may alter or
replace other fields, including "From".

I also see a problem when the From: is not not changed and other headers are removed. Often lists add or remove fields to the message header as stated above.

This maybe the first RFC that talks about lists.

To Quote:

   Mail list processors should not allow any user-originated list header
fields to pass through to their lists, lest they confuse the user and
have the potential to create security problems.

Now it doesn't define "user-originated" but if this means headers added by the original sending MUA or MTA I see issues with this.

Another describing List-ID

I guess I'm trying to find the standard of processing mailing lists within a legitimate organization. So far, seems to uphold a good policy. Then again if any of my headers are missing when I receive this it could be an issue.....

happy 4th!


<Prev in Thread] Current Thread [Next in Thread>