From: John Stanley (stanley@peak.org)
Date: Thu Jun 06 2002 - 14:35:12 CDT
Charles Lindsey (chl@clw.cs.man.ac.uk):
> I don't think such wording would fit into 6.2 (Sender), but 8.2.2 covers
> it, and 8.2.2 is now cross-referenced from the wording that John does not
> like in 5.2.
1. I see nothing in 5.2 that mentions 8.2.2.
2. 8.2.2 step 2 is wrong, for two reasons. It refers only to forged
addresses and not munged ones, and it continues the implication that an
injector can determine what address is not valid for a "trusted source".
Once again, "this is your address" is an entirely different problem than
"this is not your address", and failing the former is not a proof of
the latter.
3. Step 5 clearly says that the article MUST NOT be processed further if
it is unacceptable due to site policy. The use of an address other than a
site-mandated one in the From header is not a violation of this standard,
thus it can only be a site-policy issue. That means that any statement
that an injector MAY insert a Sender header if the From header does not
contain the one true address of the poster (i.e., does not conform to site
policy) is simply incorrect. The article is not to be processed further,
which means it is not injected.
> An injecting agent that inserts a Sender in that way is possibly broken
> (and certainly discouraged in 8.2.2).
Not "possibly", IS. It violates section 6.2 (Sender) and 8.2.2. In
particular, a MUST NOT provision of 8.2.2..
> But one that inserts the same
> information in an Injector-Info is not broken.
Um, yes, it is. Same reason. 8.2.2. step 5 says that articles that violate
site policy are to be rejected and MUST NOT be processed further. Whatever
it is in site policy that triggers a spammable address to be inserted
anywhere is a violation.
Ethically, it doesn't matter what you call the header with this
information. Call it Don't-Look-Here-For-Spammable-Addresses: or
Injector-Info or Sender. It's still the information the user has
explicitely excluded. If the injector cannot obey 8.2.2 step 5, then it is
broken.