Stuart D. Gathman wrote:
An opt-in modifier is a good idea. But from= doesn't cut it
- it isn't obvious that Sender could match also - and what
should the argument be?
No argument, just op=from "my From always matches MAIL FROM".
Makes no sense for mailing lists, so maybe op=rfc822 to cover
also Sender:. That was op=william in the first op= draft and
based on William's "eh" (equivalence header) idea.
I pulled it in version -03 together with op=pra, but of course
I could add something like it again. The old text was (see
also
<http://mid.gmane.org/4185F668(_dot_)125F(_at_)xyzzy(_dot_)claranet(_dot_)de> ):
6.3.4 The optional "rfc822" property [ed.: was "william"]
The "rfc822" property is used, if the address found in one of
the mail header fields Resent-Sender, Resent-From, Sender, or
From in this order as defined by [STD 11] always matches the
MAIL FROM mailbox address defined by [STD 10].
The "rfc822" property can be used by MUAs to identify the
responsible sender in a mail after their border MTA verified
the MAIL FROM address with SPF, and after their MDA inserted a
corresponding Return-Path into the header.
The "rfc822" property allows to split the responsibilities
of SPF tests at the receiver between border MTA, MDA, and MUA
in different ways, its main purpose is to prevent "phishing"
attempts.
The "rfc822" property SHOULD NOT be used in sender policies,
if affected users cannot disable it individually. Some MUAs,
MSAs, and mailing lists enforce valid MAIL FROM addresses, but
don't enforce a corresponding address in a mail header field.
For Seth's idea we could throw out the Resent-* part. And find
a better name than "rfc822", I'd like op=secy as some kind of
insider joke.
Bye, Frank