From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Thu Jan 03 2002 - 08:21:34 CST
In <Pine.LNX.4.10.10201021112310.15614-100000@spock.peak.org> John Stanley <stanley@peak.org> writes:
>Charles Lindsey (chl@clw.cs.man.ac.uk):
>> Be warned, however, that some injecting agents which are able to
>> detect that the address does not belong to the poster may choose
>> to insert a Sender header (6.2) or some entry in an Injector-
>> Info header (6.19) which discloses the poster's true identity.
>This is still as unacceptable as the original text, for the same reason.
>Injecting agents are simply not capable of detecting, as a general case,
>that an email address does not belong to the connected user. Even those
>that require authentication are incapable of doing this. To imply that
>any of them CAN do this is simply and patently absurd.
No, that argument does not work. It is no use your saying that injecting
agents are "Not capable of detecting, as a general case...". Not all cases
are "general", and the plain fact is that some of them DO detect it and
act upon it (as has been reported in this thread), in spite of what you say.
A lot of systems that also act as mail agents in fact apply the RFC 2822
rules (which are much stricter than our draft). Turnpike is an example,
though I am not sure whether it counts as an "injecting agent" as we
define it.
That is not to say that our draft condones this practice. The paragraph
that you are complaining about is merely a *warning* to say that some
injectors MIGHT do it.
>>I think that now represents something which might actually happen,
>It is patently ridiculous to say it "might happen". It cannot happen.
Then how come it does happen?
>Charles Lindsey (chl@clw.cs.man.ac.uk):
>> except that it MAY alter a Sender
>> header (6.2) that it perceives to be incorrect ...
>> Is that OK?
>No. No. And no. Injecting agents cannot "perceive" anything. They cannot
>know. All they can do is guess, and they should not be guessing.
Well yes, I am now proposing to take that bit out again (see my reply to
Bill Davidsen), unless I hear screams from the other camp. But my main
reason for taking it out is that I think Injector-Info is a better place
to do it (for those injectors that insist on doing it somewhere).
But note that it is only *altering* an existing Sender header that I am
taking out. The general permission to add absent headers remains (though
there is another thread discussing that one).
-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5