At 19:59 2001-07-19 -0700, Andrew Edelstein wrote:
I think you're thinking about the problem too much.
If the "From:" address is @geol.ucsb.edu, it doesn't much matter if it's
forged or not. The response is still going to go to an address within the
subdomain. There is no way to spoof an address in such a way that the
auto-responder will send it's responce to other than where it thinks it's
respnding.
See RFC 2821 (which superceeded 821), section 3.6.2.
Basically, From: isn't inherently the address to which a reply will be sent
- Reply-To: would override it. If you check the From field, then send a
reply using the proper mechanism (formail -rtzxTo:), then you may very well
reply to an address which differs from the From.
A little demonstration: just hit REPLY to *THIS* message, and see what
address comes up, despite the From: header. This is my standard
configuration for posts to this list.
However, I agree with the basic premise that the reply address should be
checked for the desired domain, unless some other argument is put forth as
to why this isn't suitable.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail