On 2008-05-22 15:34:10 -0400, John Leslie wrote:
Peter J. Holzer <hjp-ietf-smtp(_at_)hjp(_dot_)at> wrote:
I think most people these days use web interface to subscribe to
mailing-lists. People probably don't know their current BATV address, so
a user will enter 'john(_dot_)doe(_at_)example(_dot_)com' into the web
form. He will get
the confirmation mail to this address, click on the confirmation url,
and get all the mails delivered to this address.
Note that the opt-in confirmation presumably _will_ contain a BATV-
The user may not ever send a confirmation mail. For example, con
confirmation requests sent by mailman look like this:
| We have received a request from 192.0.2.7 for subscription of your
| email address, "hjp-example(_at_)hjp(_dot_)at", to the
| mailing list. To confirm that you want to be added to this mailing
| list, simply reply to this message, keeping the Subject: header
| intact. Or visit this web page:
I am sure many users will confirm by clicking on the URL and not by
replying to the message. So the mailing list software will not see the
So it appears to work fine. Until he actually tries to send mail to the
list - the mail comes from
doesn't match the address he's subscribed with, so it will be rejected.
To tell truth, that's broken.
Requiring a MailFrom you've never seen isn't nearly as reasonable as
requiring a 2822-From you have seen.
Actually, you haven't seen either a 2821-MailFrom or a 2822-From yet.
What you have seen is a 2821-RcptTo (You know that this works because
the user was able to click on the link in the message).
Nonetheless, if we observe such behavior in the wild,
ezmlm is the canonical example. Ned tells us that his mailinglists use
the envelope, too. I don't know if either uses a webbased subscription
mechanism like mailman, but I suspect they do.
we should at the very least warn about it; and IMHO we should design
in a workaround.
That's why I mentioned it.
_ | Peter J. Holzer | It took a genius to create [TeX],
|_|_) | Sysadmin WSR | and it takes a genius to maintain it.
| | | hjp(_at_)hjp(_dot_)at | That's not engineering, that's art.
__/ | http://www.hjp.at/ | -- David Kastrup in comp.text.tex
Description: Digital signature