From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Thu Jan 03 2002 - 08:06:14 CST
In <Pine.LNX.3.91.1020102120451.29135E-100000@darkstar.prodigy.com> Bill Davidsen <davidsen@prodigy.com> writes:
>On Wed, 19 Dec 2001, Charles Lindsey wrote:
>> "Sender" has always been more of an mail thing than a news thing. In RFC
>> 2822, it MUST be present if there are two or more entities in the From,
>> and it SHOULD be present if the From is not the true originator (cue Brad
>> to say that RFC 2822 is forcing implementors to deny privacy rights). Who
>> is supposed to enforce this? Presumably the mailing agent rather than the
>> MTA, since mail has no equivalent of our injecting agent.
>>
>> Our draft contains neither that MUST nor that SHOULD, so it is left for
>> posting and injecting agents to do whatever they like. OTOH, Son-of-1036
>> had a very severe MUST for the case when the From could not be verified.
>> Does anybody want to change what we currently say?
>>
>> >> What now is the injecting agent to do when it sees both a From and a
>> >> Sender, and is not convinced about either?
>>
>> >Traditionally, replace the user-supplied Sender header with its own.
>>
>> Yes, Son-of-1036 said you MUST do that.
>>
>> I think I would like to change our draft at least to say that an injecting
>> agent MAY supply a Sender, or overwrite an existing one, since that seems
>> to be existing practice. Is that agreeable?
>The problem with strong wording is that it is likely to be read as
>requiring a "real" address when a munged From: is used to prevent address
>collection. I believe Son-of-1036 was written in less dangerous times.
Well I put that wording in of Dec 20th (and Seth, at least was happy with
it). But now I am not so sure, and I am minded to take it out again, even
though that will make Turnpike, and other systems that apply the RFC 2822
rules strictly, non-compliant (or does Turnpike not count as an
injector?). But my reason for taking it out is that I think Injector-Info
is the proper place for injectors to put that sort of stuff (assuming they
are determined so to do - Brad would rather they didn't).
BTW, the discussion on Injector-Info has gone quiet since I posted the
full text as it now stands a week or more ago. That is how it will remain
unless someone speaks up. I don't suppose Brad is happy yet (nor ever will
be), but I am slightly surprised that noone else wants to tinker further with
the various parameters as they now stand. For example whether the
posting-host parameter should allow some consistent, but secret,
substitution for the IP/domain-name (currently it doesn't, and Andrew has
spoken strongly about how useful it can be to know the true posting IP).
-- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5