On Mon, Aug 02, 2021 at 02:22:46PM -0400, John Levine wrote:
We have two decades of experience with Delivered-To. It has multiple
compatible implementations that have have worked the same way for decades.
One thing to keep in mind wrt. the existing implementations of
"Delivered-To:" (used purely for loop detection) is that the format of
the payload is an internal detail of the receiving LDA.
In particular, it is not unreasonable for the LDA to record an encoded
HMAC of the recipient address in the localpart, thereby making more
difficult abuse of "Delivered-To:" to elicit bounces of the message to
the purported envelope sender (because it is then harder for the
attacker to predict the magic "Delivered-To:" value).
For use-cases such as fetchmail demultiplexing multi-recipient upstream
mailboxes, other ad hoc headers (e.g. X-Original-To:, ...) have been used
by various sites.
http://www.postfix.org/pipe.8.html
http://www.postfix.org/local.8.html
http://www.postfix.org/virtual.8.html
The Delivered-To and X-Original-To (and similar) headers address separate
concerns and should not be conflated.
--
Viktor.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp