[Top] [All Lists]

Re: MUA support for multiple from addresses

2012-02-29 13:28:21

At 4:19 PM +0100 2/28/12, Alessandro Vesely wrote:

 On 28/Feb/12 13:05, Arnt Gulbrandsen wrote:

 3. We'll restrict From and the smtp sender addresses to ones
 explicitly connected to the SASL/Submit user.

 IMHO, forcing the login ID to match any world-readable outgoing header
 field is not a tremendous security improvement.  Most MUAs allow to
 configure From: with whatever (unverified) address.

This is my concern as well. I often set the 'From' header field to a one-off or a user-detail or even someone else's address (when using Eudora redirect). As long as I'm authenticated to the submit server, and the message can be tracked back to me in case I abused it, what I put in the 'From' header field shouldn't matter.

Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
Some days you feel like Schrodinger's cat.   --M. S. Hutchenreuther