From: Shmuel (Seymour J.) Metz (Shmuel+gen@patriot.net)
Date: Mon Feb 04 2002 - 00:51:27 CST
In <20020203163343.19883.qmail@wilhelmina.algonet.se>, on 02/03/2002
at 04:33 PM, sommar-usefor@algonet.se (Erland Sommarskog) said:
>Note here that any adderss I may have elsewhere is irrelevant.
No. It is valid to post with any of your addresses.
>If it can't
>verify, it will insert one of the addresses it knows about,
>according to some default scheme.
I don't normally agree with John Stanley on much, but in this case he
is right. If I post with an address that I own, the server has no
business slapping a bogus Sender Header in my article. Sender is only
intended for the case where the From address is not owned by the
sender. It's not enough that the server can't verify that the From
belongs to the sender; it must be able to verify that the from
*doesn't* belong to the sender.
Further, inserting the Sender exposes the user to harvesting.
--
-----------------------------------------------------------
Shmuel (Seymour J.) Metz, SysProg and JOAT
Atid/2
Team OS/2
Team PL/I
-----------------------------------------------------------