From: Simon Lyall (email@example.com)
Date: Wed Sep 03 1997 - 21:52:32 CDT
On Wed, 3 Sep 1997, Brad Templeton wrote:
> An interesting question when it comes to authentication and reply-to,
> whether you talk about user authentication or site based auth, is just
> how many of the various headers need to or should be authentic?
I think the problem is that their are so many situations that we can not
try and enforce which header is correct.
For example when I post I could set the Reply-To to either
"firstname.lastname@example.org" or "email@example.com" . I can't see any obvious way
the injecting-agent could tell which I was entitled to use or not. There
might even be situations where I would want to set reply-to back to Brad
(ie "In case you haven't heard ClariNet is looking for newsadmins, email
Brad Templeton for details or just reply to this message" )
-- Simon Lyall. | Looking for Work | Mail: firstname.lastname@example.org "To stay awake all night adds a day to your life" - Stilgar | MT.