Re: IESG comments on 3028bis



On Fri, May 11, 2007, Alexey Melnikov <alexey.melnikov@xxxxxxxxx> said:

> 2). Cullen Jennings:
>  >I see a serious problem with allowing redirection to more than 
>  >one user.
>  >This allows a very high speed server in the center of the network
>  >to perform an application of already large traffic. When filtering
>  >happens on an end user email client it is no worse than what the
>  >client could do by just sending new email. This is worse. It is also
>  >different than mailing lists which hopefully have a consent mechanism.
>  >I am proposing fixing this by saying that the limit on number of
>  >redirects SHOULD be one and the times to ignore this SHOULD are text
>  >environments and such.
> 
> I've sent Cullen a reply saying that there are several implementations 
> that allow for multiple redirects.
> However the document should have a security consideration on this issue, 
> if it doesn't already.

I like being able to place multiple redirects, and am using that
functionality myself to implement a blind reflector address. I thought the
only major concern was preventing a mail loop.

Hadn't .forward files allowed multiple redirects since just about forever?

Aaron