From: Erland Sommarskog (sommar-usefor@algonet.se)
Date: Sun Feb 03 2002 - 10:59:38 CST
John Stanley <stanley@peak.org> writes:
> Sigh. Theoretically it could assume the sun comes up in the west, but
> I don't know why it would, nor do I know why it would see those two
> different strings as the same, and I REALLY don't see why it would
> introduce a Sender header if it thinks, theoretically, that the address
> you are posting under (-usefor) is the same as the one it thinks is your
> "real" one.
If my ISP's server's policy were to include a Sender when the From-content
does not agree with the current user, it could be smart to not include it
in the case I used sommar-usefor. (We know that the server in question
does not have this policy. Furthermore I have arrived at the conclusion
that the news server would not be able to verify sommar-usefor anyway,
because that would require it to read my login directory.)
> You seem to be insisting that we cannot prohibit broken injectors.
Well, those injectors are broken in the sense "John Stanley don't like
them". However, they are not broken in the sense "do not comply with
existing standards". The behaviour is perfactly legal with RFC1036, as
far as I understand.
However, since we are writing the new standard, we certainly have the
possibility to make them broken by prohibiting or deprecating the
behaviour. There might be good arguments for that, but you have not
been very successful in making them.
> I'm saying that the INJECTOR must not change the From header, or change or
> insert a Sender header, because it does not have sufficient information to
> base that action on.
Yes, we've heard you saying that all over again. And if you want to
successfully argument for prohibiting injectors from adding a Sender,
you should drop this argument. The injector may very well have
sufficient information to enforce its policy - and that policy does
not give a single damn about the thousand other mail addresses you
may have.
> So, what would you say if an injector started inserting References headers
> in articles where the subject started with "Re: "? You do know that that
> string is not allowed in any article other than a followup, don't you? And
> that the injector can tell that an article is a followup when it sees that
> string, don't you? And that References is a MANDATORY header in followups,
> don't you? So why can't the injector insert a header when it knows it is
> needed?
There is no existing practice in this case. There is for inserting
Sender, no matter how broken you think it is.
> Now, I realize that you may wish it otherwise, but the definitions of the
> headers found in the draft take precedence.
Good. However:
> "Entity that is posting an article" refers to a human being when I am the
> one posting an article. If you want to claim you aren't a human when you
> post, well, I can't help that.
I like to remind that the definitions apply to you as well. If you
want the draft to say "human beings", you should call for the language
being changed. Now it says "entity" which may mean "human being",
"account" or something else depending on the context.
It very obviously does not mean only "human being" - it such case we
would have used that expression.
Again, this is a sort of argumentation you should drop if you want to
convince me (and possibly other people on this list).
> >> Why are people so adamant that the newsserver must help spammers
> >> instead of helping the users?
>
> >Where did _anybody_ claim that?
>
> Well, I guess I expect people to think through the implications of their
> arguments. My bad. Here, I'll spell it out for you. ...
Yes, provided that this happens on a news server which hosts public
newsgroups.
In any case, I can't see anyone who think that news servers in general
should insert Sender. For my own part, I am only reckoning that in
some organizations this might be a desirable policy.
After all, John, you are not going to use all news servers in the world,
so if a few of them will insert a Sender it is not going to hurt you
anyway. If you have a problem with your local ISP doing it, then you
will find some other way to convince them that their policy is
inappropriate.
-- Erland Sommarskog, Stockholm, sommar@algonet.se