Has anyone looked at any of the following RFCs? My only concern is the
amount of spoofing that occurs
with the current mailing lists process. Some may say this is a
"legitimate spoof".
This one expires July 2007.
http://www.ietf.org/internet-drafts/draft-ietf-eai-mailinglist-01.txt
To Quote:
Some mailing lists alter the message header, while others do not. A
number of standardized list-related header fields have been defined,
and many lists add these headers. Separate from these standardized
list-specific header fields, and despite a history of
interoperability problems from doing so, some lists alter or add
header fields in an attempt to control where replies are sent. Such
lists typically add or replace the "Reply-To" field and some add or
replace the "Sender" field. Poorly-behaved lists may alter or
replace other fields, including "From".
I also see a problem when the From: is not not changed and other headers
are removed. Often lists add or remove fields to the message header as
stated above.
This maybe the first RFC that talks about lists.
http://www.ietf.org/rfc/rfc2369.txt
To Quote:
Mail list processors should not allow any user-originated list header
fields to pass through to their lists, lest they confuse the user and
have the potential to create security problems.
Now it doesn't define "user-originated" but if this means headers added
by the original sending MUA or MTA I see issues with this.
Another describing List-ID
http://www.ietf.org/rfc/rfc2919.txt
I guess I'm trying to find the standard of processing mailing lists
within a legitimate organization. So far, imc.org seems to uphold a
good policy. Then again if any of my headers are missing when I receive
this it could be an issue.....
happy 4th!
-Andrew