spf-discuss
[Top] [All Lists]

Re: [SPF Classic] Privacy and disclosure of 2821 MAIL FROM

2004-10-07 00:35:21
Stephane Bortzmeyer wrote:
 
Alice is at a conference. She uses the hotel's network to
send mail. She configures her MUA to tell "From:
alice(_at_)mycompany(_dot_)com". But, to be aceptable by SPF MTAs, the
mail will have an envelope from (2821 MAIL FROM) of
"customer(_at_)thehotel(_dot_)com". It is already visible in Return-Path
and the Received headers but a SPF-aware MUA will display it
more prominently and therefore may cause privacy concerns.

The "Return-Path" is no new SPF invention, it's everywhere in
SMTP (for a new example see RfC 3834).  2476bis could be the
place to mention these privacy concerns (if it doesn't already,
I've not checked this), because there you have the MAYs in 6.1
and 8.1 doing something with the mail on the sender's side.

Hiding available info on the side of the receiver would be a
really bad idea,
                 Bye, Frank