
Re: Proposal for Adjusted DATA Timeout

2008-05-26 19:59:15

At 08:19 -0700 on 05/26/2008, ned+ietf-smtp(_at_)mrochek(_dot_)com wrote about Re: Proposal for Adjusted DATA Timeout:

More specifically, there can be legal requirements for all message recipients
to be listed in the header. Just putting in the address of a mailing list is
unacceptable because the content of that list can vary over time. Depending on
the specific requirements in a given jurisdiction, it may be necessary to
expand the list into the header - alternative schemes such as keeping a precise
revision history for the list, or accurate logs of message traffic, while
technically OK, may not be allowed. (These systems typically also impose
draconian restrictions on forwarding, but that's a separate matter.)

Depending on whether these SMTP Servers are accepting Email from anyone who wants to use them and has this "List All Recipients" requirement or a restricted set of senders (who can thus use a special MUA), a modification of the old "Apparently-To" Header injection bug (which happened if the To and Cc were empty and only Bcc/Envelope-Rcpt-To supplied the recipients) might work. The SMTP sends an EHLO 220-X-List-All response and the MUA suppresses the To and Cc list (having only a "To: (List Follows)" header) along with an X-List-All command. The SMTP server then injects X-List-All (with Recipient addresses) headers into the RECEIVED message's headers. The headers are comments anyway and can be created from the Rcpt-To command data instead of duplicating the Rcpt-To list in the To/Cc headers sent by the MUA.
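The server-side step described in the message above, as an added example that is not part of the original post or of any real SMTP server: it builds X-List-All headers from the envelope RCPT TO lines and drops any X-List-All header the client sent, so the recorded list reflects only what the server saw. The function names, the address validation rule and the decision to strip client-supplied copies are assumptions.

```python
import re

HEADER = "X-List-All"  # header name from the post; everything else is assumed
# Conservative address check (assumption): no whitespace, controls, brackets or quotes.
_ADDR = re.compile(r'[^\s<>@"\x00-\x1f\x7f]+@[A-Za-z0-9.-]+')
_RCPT = re.compile(r"RCPT TO:<([^<>\r\n]+)>(?: .*)?", re.IGNORECASE)

def parse_rcpt(line):
    """Return the address from one 'RCPT TO:<addr> [params]' line, or None."""
    m = _RCPT.fullmatch(line.strip())
    if not m or not _ADDR.fullmatch(m.group(1)):
        return None  # malformed, or carries CR/LF that would start a new header
    return m.group(1)

def inject_list_all(message, rcpt_lines):
    """Add one X-List-All header per envelope recipient to a CRLF message.

    Assumes 'message' has a header block ended by an empty line.
    """
    head, sep, body = message.partition("\r\n\r\n")
    kept, skipping = [], False
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t"):      # folded continuation of previous header
            if not skipping:
                kept.append(line)
            continue
        # Drop client-supplied copies so only server-generated values remain.
        skipping = line.lower().startswith(HEADER.lower() + ":")
        if not skipping:
            kept.append(line)
    recipients = []
    for cmd in rcpt_lines:
        addr = parse_rcpt(cmd)
        if addr is None:
            raise ValueError("unusable RCPT TO line: %r" % cmd)
        if addr not in recipients:       # repeated RCPT TO is listed once
            recipients.append(addr)
    kept.extend("%s: <%s>" % (HEADER, a) for a in recipients)
    return "\r\n".join(kept) + sep + body
```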