spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Email Forwarder's Protocol ( EFP )

2005-02-28 23:35:26
from [Frank Ellermann] [Permanent Link] 
Dave Crocker wrote:
 

Yes, there is lots of text that said otherwise, but it is in
error.


Then get a time machine and fix it, both STD 10 and RfC 2821.

And maybe RfC 733 for Bruce Lilly.  Why should a STD 10 sender
be different from the very same word sender in RfC 733 ?  Most
probably the STD 10 author knew RfC 733, and STD 11 is even in
its references.


The operative point is:
     "to which error reports should be directed"
is not required to be the sender


It's the same meaning of "sender" as in the many "Secy at Host"
examples of RfC 733.


The only thing that is really interesting about all this is
that it took us 25 years to discover the error in wording.


There's no error, all these "Secy" examples were pretty clear.
If I had to reinvent SMTP based on your old texts I'd come to
the same MAIL FROM sender idea as it is.

Of course it's a nice feature if a "Sender: Secy(_at_)Host" could
say MAIL FROM:<Troubleshooter(_at_)Host>, but it's a clear security
violation in the case of a MAIL FROM:<Victim(_at_)anotherHost> for
a mail sent from Host and not from anotherHost.


One can easily construct other, legitimate scenarios, for
having it be a different address.


Not with different hosts.  Different local parts can be okay.
Otherwise you'd need "security considerations" equivalent to
the terabytes of spam, billions of dollars, and ages of time
wasted by the blatant abuse of this obvious security loophole.


if it were merely redundant with RFC2822.Sender or
RFC2822.From, it would have been specified as being required
to be redundant.


SMTP is only one way to transport mail, and Sender: Secy is
only one of the cases, where a Sender: makes sense.  Normally
with SMTP a Sender: is in fact redundant, because it should be
the same as the mailbox address in the reverse path.
 

It wasn't and it isn't.


It always was, is, and works as designed.  If you want to twist
it into some non-euclidean SMTP, then "let the market decide".
Spammers and a few forwarders vote for your new "bounces-to",
but I stick to your old "Sender: Secy at Host" model with SMTP.

                         Bye, Frank
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  Re: Re: Email Forwarder's Protocol ( EFP ), Graham Murray
Next by Thread:  Re: Re: Email Forwarder's Protocol ( EFP ), Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]