On Thu, 30 Sep 2004, Ryan Malayter wrote:
> This is exactly why I think we need RFC-2822 integrity checking and
> authorization as part of some transport-level standard like Unified SPF.
> There are too many MUAs out there for us to change; changing MTA
> behavior to stop this problem is much easier.

I don't think changing MTA behavior is any easier and I have some problems
with rewriting RFC2822 headers by intermediate MTAs, although it's possible
this may be appropriate for MDA but only if the changes do not actually
drop original data and just add extra information into "pretty name" part
of the from address.

Also in draft-leibzon-responsible-submitter-00 in section 5.4.1 I did write
what MUAs should do, so please let me know if you're ok with below text:
-----------------------------------------------------------------------
5.4.1 Displaying Verification Results in MUA

When displaying a received message, an MUA SHOULD check message for
Authentication-Results headers and if last entered such header is
preceded only by Received and Return-Path trace headers which appear
to have been added by MDA or by other MTAs which are known to be on
the same network as MUA, then MUA should display the value of
Responsible Submitter as found in "envelope-submitter" as well as
display to the user the results of SPF verification.

If email address of Responsible Submitter is the same as address in
one of the "From:" headers, then MUA should show that email address
as email origin and indicate by some means that it has been SPF-
verified based on submitter identity. If header "From:" address is
not the same, then origin of the email should be indicated as being
that of Responsible Submitter with email listed as having been sent
on behalf of the party listed in "From:" header. It should be made
clear that only Responsible Submitter part of the email origin has
been SPF-verified and not the header "From:" address part.

MUA may also want to find envelope-submitter values from all
"Authentication-Results:" headers as well as "Sender:" and all
"From:" headers and display them as addresses responsible for
transmission of the message.
---
William Leibzon, Elan Networks:
mailto: william(_at_)elan(_dot_)net
Anti-Spam and Email Security Research Worksite:
http://www.elan.net/~william/emailsecurity/
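
The MUA check described in the quoted section 5.4.1, as an added example that is not part of the original message or of the draft. The `Authentication-Results` field syntax (`envelope-submitter=`, `spf=`), the host names, and the function name `submitter_view` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

SAMPLE = (  # constructed message, not taken from the original post
    "Return-Path: <list-bounce@lists.example.org>\n"
    "Received: from mx.corp.example by mda.corp.example with LMTP; Thu, 30 Sep 2004 10:00:00 -0700\n"
    "Authentication-Results: mx.corp.example; envelope-submitter=list-bounce@lists.example.org; spf=pass\n"
    "Received: from lists.example.org by mx.corp.example with ESMTP; Thu, 30 Sep 2004 09:59:58 -0700\n"
    "From: Alice <alice@example.com>\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def submitter_view(raw, trusted_hosts):
    """Return what the MUA should display, or None if no trustworthy result exists."""
    headers = message_from_string(raw).items()       # header order, newest first
    names = [name.lower() for name, _ in headers]
    if "authentication-results" not in names:
        return None
    idx = names.index("authentication-results")      # last entered = topmost
    for name, value in headers[:idx]:                 # everything added after it
        if name.lower() == "return-path":
            continue
        if name.lower() != "received":
            return None                               # non-trace header above it
        by = re.search(r"\bby\s+([\w.-]+)", value)
        if not by or by.group(1).lower() not in trusted_hosts:
            return None                               # hop outside our own network
    fields = {}                                       # assumed "key=value; ..." syntax
    for part in headers[idx][1].split(";"):
        key, sep, val = part.partition("=")
        if sep:
            fields[key.strip().lower()] = val.strip()
    submitter = fields.get("envelope-submitter", "").lower()
    if not submitter:
        return None
    from_addrs = [addr.lower() for _, addr in getaddresses(
        [value for name, value in headers if name.lower() == "from"])]
    return {
        "origin": submitter,                          # the only SPF-verified identity
        "spf": fields.get("spf", "none"),
        "on_behalf_of": [] if submitter in from_addrs else from_addrs,
    }

if __name__ == "__main__":
    print(submitter_view(SAMPLE, {"mx.corp.example", "mda.corp.example"}))
```

The `by` host in a `Received` line is self-asserted by whoever wrote that line, so this check is only as strong as the draft's "appear to have been added" wording.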