Meng Weng Wong wrote:
How does this sound? This way we get to protect the 2822 From:, which
is something we all do want to do --- we just don't want to do it in a
way that breaks too much else.
I would suggest that maybe an explicit match is too strict. My
explanation is long-winded, so please bear with me :)
I uses Challenge/Response with VERP and various extension addresses as
follows:
- My envelope is a dated address which expires after 14 days (long
enough for any bounce, too short to be harvested)
- My From address is plain so my recipients recognize it. Replying to
this plain address will cause a challenge to be sent.
- My Reply-to address is also dated and expires after 14 days (long
enough for most recipients to reply to me, but too short to be harvested)
When a challenge email is sent as a result of someone sending email to
my plain address or an expired dated address, it has the following
characteristics:
- My envelope is a special extension address - It will be stored in a
folder in case there are legitimate bounces, but most of these are
bounces due to non-existent spam emails, and largely ignored.
- My From address is plain so my recipients recognize it.
- My Reply-to address is a specially-tagged address which will release
the original message from the pending queue.
In all of these circumstances, all these various messages are similar,
in that they have the following format:
i.am [ -optional-extensions ] @ [ optionalhostname. ] jimramsay.com
I propose a way of matching the Envelope to the Headers "within reason":
That is, if the domain is mostly the same, and the front-part is
mostly the same, consider it "first-class". For example, I think this
could be considered close enough to say that an email is "first-class":
Envelope: i(_dot_)am-bounce-return(_at_)watson(_dot_)jimramsay(_dot_)com
From: i(_dot_)am(_at_)jimramsay(_dot_)com
Reply-to: i(_dot_)am-other-mailbox(_at_)jimramsay(_dot_)com
Sender: lack(_at_)holmes(_dot_)jimramsay(_dot_)com
[Note, please don't reply with "Don't use C/R it's evil" - I know why
some people don't like C/R and I know why some people like C/R. My
intent was not to start a discussion on C/R, but to note that there are
other legitimate reasons for having envelopes which do not _exactly_
match the From: or Reply-to:, that matching "within reason" may be
better than exact matching.]
--
Jim Ramsay
"Me fail English? That's unpossible!"