spf-discuss

Re: Solving the Forwarding Problem for good!!!

2004-01-17 10:19:07
In <4008F6F4(_dot_)30978(_dot_)9F7CA2A8(_at_)localhost> "John Warren" 
<John(_at_)wenet(_dot_)tustin(_dot_)ca(_dot_)us> writes:

> I think the "MAIL FROM:" transaction field should contain the
> authenticated sender address not the field supplied by the user in the
> "From" header field. The "MAIL FROM:" would then be the same as the
> "Sender" header field.

It is my understanding that the Sender: header is, unfortunately,
ambiguous.  Its exact definition changed between RFC822 and RFC2822
and RFC822 used it in two different ways.  I forget where I saw this
discussed, but I remember being pretty well convinced that Sender: is
not very reliable.

> Who is the true sender of the message? It has to be the authenticated
> sender not the "From" sender which could be forged even if it is a
> legal forgery.

A more likely candidate for what you describe would be Resent-From:
however I think this is not always reliable either.


> I don't remember ever seeing the contents of the "MAIL FROM:"
> transaction header ever being passed on in the delivered message in
> any field that a mail client would display. So it makes sense that the
> "MAIL FROM:" should be the authenticated sender's true e-mail address.

The envelope-from is often contained in such headers as Envelope-From:
and Return-Path:.


> This would solve the issue and not be a kludge like SRS plus it uses
> all standard fields.

None of the standard fields have a cookie that will allow a system to
reliably tell if it should accept a bounce or not.


> Oh one more point, you can abort during the "DATA" phase, you don't
> have to accept the entire message. But in this case that would not be
> required.

I can't see how you can abort during the DATA phase, there is no
communication from the receiver until the final ".<NL><CR>" is sent.

It would have been really nice if SMTP had a HEADERS and BODY pair of
commands instead of a DATA command, but it is a little late to change
that now.


-wayne
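
The bounce "cookie" mentioned in the reply above, shown as an added example that is not part of the original message and is not the SRS specification: a simplified SRS-style rewrite that puts a keyed hash and a day stamp into the envelope sender, so the forwarder can later decide whether a bounce is one it should accept. The secret, the domain names and the day numbers are constructed assumptions.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: key known only to the forwarder
FORWARDER = "forwarder.example"       # hypothetical forwarding domain
MAX_AGE_DAYS = 21                     # assumption: how long a bounce stays acceptable


def _tag(day, domain, local):
    """Keyed hash over the fields a forger would need to change."""
    msg = f"{day}={domain}={local}".lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b32encode(digest)[:8].decode().lower()


def rewrite_sender(addr, day):
    """Envelope sender the forwarder uses in MAIL FROM when relaying."""
    local, domain = addr.rsplit("@", 1)
    return f"SRS0={_tag(day, domain, local)}={day}={domain}={local}@{FORWARDER}"


def accept_bounce(rcpt, today):
    """Return the original sender if the cookie is valid and fresh, else None."""
    local_part, _, host = rcpt.rpartition("@")
    if host.lower() != FORWARDER or not local_part.upper().startswith("SRS0="):
        return None                   # plain address: carries no cookie at all
    fields = local_part[5:].split("=", 3)
    if len(fields) != 4:
        return None
    tag, day_s, domain, local = fields
    if not (day_s.isascii() and day_s.isdigit()):
        return None
    day = int(day_s)
    expected = _tag(day, domain, local)
    if not hmac.compare_digest(tag.lower().encode(), expected.encode()):
        return None                   # hash mismatch: address was forged or altered
    if not 0 <= today - day <= MAX_AGE_DAYS:
        return None                   # stale cookie: too old to be a real bounce
    return f"{local}@{domain}"


if __name__ == "__main__":
    env = rewrite_sender("john@sender.example", 12434)   # constructed day number
    print(env)
    print(accept_bounce(env, 12440))
```
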
