On Wed, 08 Sep 2004, Paul Howarth wrote:
What do you suppose a "legitimate" use of the "Reply-To:" header would be,
and why is it not spoofing?
I use tim(_at_)timkennedy(_dot_)net for my email. I also have a gmail account.
I'm using my gmail account mostly just for giggles, since I have my own
server, and more than 1gb of storage available. But occasionaly I use
it when traveling, and I don't have access to an SSH client.
I set the Reply-To: to be tim(_at_)timkennedy(_dot_)net, so that any replies
will
come to my primary mail account, where I am likely to receive them.
Then at my server, I split my mail, and forward a copy to my local
mailbox, and a copy to my gmail account.
To me, this is the exact intention of the Reply-To: header. I'm not
spoofing, since the Mail From: and From: headers will show that I sent
the email as tkennedy(_at_)gmail(_dot_)com, which is true.
It's also requesting politely, that people send any replies to
tim(_at_)timkennedy(_dot_)net(_dot_) If I were to set it to anything else, I
wouldn't
get my own replies (unless I unset it).
I fail to see how this is spoofing. I am not misleading anyone as to
the origin of my email, nor am I misleading anyone as to my preferred
response destination.
-Tim
--
There are 10 types of people on Earth. Those who understand binary, and those
who don't.