spf-discuss

RE: Re: New ideas for RFC2822 headers checking with SPF

2004-10-24 04:51:23
--On Samstag, Oktober 23, 2004 18:53:05 -0700 Greg Connor <gconnor(_at_)nekodojo(_dot_)org> wrote:
--Seth Goodman <sethg(_at_)GoodmanAssociates(_dot_)com> wrote:

a) MSA immediately rejects, with explanation, any message where the
highest of From:/Sender:/(newest)Resent-From: does not match return-path.
This would be ideal, though I don't know if all MUA's can set return-path
properly.  This approach avoids all ethical and legal problems.  If the
explanation returned included web links to clear instructions on how to
correct the setup in each of the common MUA's, service calls would be
reduced, but not eliminated.

I would suggest modifying this to say "rejects any message where the
domain of the most recent From:/Sender:/(newest)Resent-From: does not
match the domain of the return path."  Adding "domain of" allows
things like SES/SRS or VERP to work.

NACK. Let the MSA sort out which addresses the submitter may use. For something like VERP and SES/SRS there should be regular expressions that match login to allowed addresses.

Some people will want to send mail as domain.com but have bounces go to
return.domain.com or bounces.domain.com or something.  I'm not sure how
to accommodate those.

Reducing the matching to domain only would mean that any AOL user could use any AOL return address. IMHO this is hardly any improvement compared to no checking at all.

[...]
I would prefer to have messages rejected rather than modified.  RFC2476
allows us to reject a message if we can't associate the return path with
the actual user.  I don't know if it gives us the power to change it...

ACK. This also avoids legal problems.

Ralf Döblitz
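
An added example, not part of the original message or of any SPF implementation: a sketch of the two MSA submission checks debated above, domain-only matching versus per-login regular expressions, run on constructed submissions. The `ALLOWED` table, the logins, the `example.com` addresses and the Resent-From/Sender/From precedence are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed policy: envelope senders and header addresses each login may use.
ALLOWED = {
    "alice": [r"alice@example\.com", r"alice-[^@]+@bounces\.example\.com"],
    "bob": [r"bob@example\.com"],
}

def responsible_address(msg):
    """Newest Resent-From:, else Sender:, else From: (assumed precedence)."""
    for name in ("Resent-From", "Sender", "From"):
        values = msg.get_all(name)
        if values:  # Resent-* blocks are prepended, so the first one is newest
            return parseaddr(values[0])[1].lower()
    return ""

def domain_of(addr):
    return addr.lower().rpartition("@")[2]

def domain_only_check(msg, return_path):
    """Accept when only the domains of header address and return path agree."""
    return domain_of(responsible_address(msg)) == domain_of(return_path)

def per_login_check(login, msg, return_path):
    """Accept when both addresses match a pattern registered for the login."""
    patterns = ALLOWED.get(login, [])
    def allowed(addr):
        return any(re.fullmatch(p, addr.lower()) for p in patterns)
    return allowed(return_path) and allowed(responsible_address(msg))

# Constructed submissions (header text, authenticated login, return path).
BOB_MSG = message_from_string("From: bob@example.com\nSubject: hi\n\nbody\n")
ALICE_MSG = message_from_string("From: alice@example.com\nSubject: hi\n\nbody\n")
VERP = "alice-list7=rcpt.example.org@bounces.example.com"

if __name__ == "__main__":
    # bob borrows alice's return path; alice uses a VERP bounce address
    for login, msg, rp in [("bob", BOB_MSG, "alice@example.com"),
                           ("alice", ALICE_MSG, VERP)]:
        print(login, rp, "domain-only:", domain_only_check(msg, rp),
              "per-login:", per_login_check(login, msg, rp))
```

The domain-only check accepts bob's use of alice's return path and rejects alice's VERP address on the bounce subdomain, while the per-login patterns decide both cases the other way.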

