On 12 Sep 2014, at 18:27, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
By definition, p=reject enforces a semantic that requires the owner of
the rfc5322.From domain to have a relatively tight relationship with the
operator sending the message.
IMO, it's quite reasonable to characterize this as conflating From: and
Sender:.
What tends to be missed, throughout all of the discussions about dealing
with the effect on intermediaries such as mailing lists, is that most or
all of the mechanisms being discussed for intermediaries will work
equally well for bad actors...
Indeed.
I wonder if it might not simply make more sense to warn users that the
information in the header fields cannot be trusted once they have been remailed
by an exploder of any kind. This way, transparent MUA unwrapping of
encapsulated list mail is a much more plausible solution.
Cheers,
Sabahattin