ietf-smtp
[Top] [All Lists]

Re: [ietf-smtp] Fwd: New Version Notification for draft-crocker-email-deliveredto-05.txt

2021-08-16 14:34:26
> When I say that "Delivered-To" is an opaque token private to the MTA,

That's nice, but does not represent the observable existing behavior.
And what /you/ mean is less of an issue that was actual existing
practice is.

We need to be very careful about drawing conclusions like this from
"observable" data. My data was collected from mailboxes delivered to by an MTA
that isn't configured to insert Delivered-to: fields. This means that almost
all of Delivered-to: fields I'm seeing are ones inserted in messages forwarded
by a mailing list. In such cases it's expected that the field values will
either some sort of list address or one of my externally visible addresses.

But things would be different if I was using Postfix, or if I had my MTA
configured to do what Postfix is documented to do when delivering to local
addresses. In this case I would be getting addresses of the form:

   uid+folder+specialuse@lmtp-back-end

Such an address is meaningless to anything but the LMTP server itself,
and in fact would not be accepted as valid by anything except that
server (which of course is not reachable by anything other than authorized
LMTP clients).

I'm not sure the address qualifies as "opaque", which in fact is a bit of a
problem, since tacky or even NSFW folder names aren't exactly unheard of. And
exposure of account UIDs can be a security issue.

But it's definitely private to the MTA.

                                Ned

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

<Prev in Thread] Current Thread [Next in Thread>