[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Use of Sender in authentication considered unacceptable (was Re: draft-lilly-from-optional-01.txt)
If you want a viable authentication proposal, you need to define a new
field which will have a well-established meaning, not try to borrow
existing field which has either a different meaning (From) or some
existing field which has no consistent use in practice (Sender).
I agree that we don't see a consistent use of the Sender field in
practice. If the agent responsible for the transmission of the
message makes proper use of the Sender field, I don't see why we
should redefine a new field when there is already a field which was
set out for that purpose.
because in practice Sender is almost never used properly, and use of
Sender is so varied that the recipient cannot tell what is meant by it.
for example: mailing lists should almost never set Sender, because it
obscures who actually sent the message, and this is of interest to list
recipients. (there are exceptions: it's reasonable for digests to set
Sender to point to the mailing list. similarly for lists that
deliberately try to hide the actual addresses of the correspondents)