| It consists of an originator address (to which error reports
| should be directed)
| The <reverse-path> portion of the first or only argument
| contains the source mailbox (between "<" and ">" brackets)
...............^^^^^^
Maybe you should read this source again.
> It is "set by" the rfc2821.sender, but does not specify a
> source. The difference is quite important.
>
It's extremely important to understand, that the MAIL FROM
address is not only some potentially unrelated Errors-To
address, it is THE source, THE sender, THE originator.
Sorry, no.
Yes, there is lots of text that said otherwise, but it is in error.
The operative point is:
"to which error reports should be directed"
is not required to be the sender (and, by the way, originator and sender are
two different roles and may well be two different identities.) In fact it is
essential that it be allowed to be an entirely different address.
The only thing that is really interesting about all this is that it took us 25
years to discover the error in wording.
> And having the MailFrom specify some other address is not
> "forgery" as folks often call it.
>
If it doesn't specify THE source, THE sender, THE originator,
then it's either forged or redistributed or behind a gateway.
You might want to check on the realities of the subscription bulk email
business. It provides an entirely different case and it is entirely valid.
One can easily construct other, legitimate scenarios, for having it be a
different address.
At base, if it were merely redundant with RFC2822.Sender or RFC2822.From, it
would have been specified as being required to be redundant.
It wasn't and it isn't.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net