Re: recent spam to this list

[Andreas Metzler <ametzler@downhill.at.eu.org>]

Julian Mehnle <lists@mehnle.net> wrote:
> Andreas Metzler wrote:
>> Julian Mehnle <lists@mehnle.net> wrote:
>> > It's about forging an e-mail sender's identity.  By preventing the
>> > unauthorized use of domains as the sender domain of e-mails, most of
>> > the practiced cases of identity forgery are prevented. [...]

>> If I send an e-mail over mail.nusrf.at with envelope-from
>> ametzler@logic.univie.ac.at I am _not_ forging anything or making
>> "unauthorized use of domains"

> Yes, you are.  The envelope-from address is not a reply-to address,
> it's a sender address.  If you are sending from mail.nusrf.at, you
> are not sending from logic.univie.ac.at.  So you should not specify
> <ametzler@logic.univie.ac.at> as the envelope-from address, or you'd
> be forging it.

No, I am just specifying where I want bounces to go to.

      MAIL FROM:<reverse-path> [SP <mail-parameters> ] <CRLF>

   This command tells the SMTP-receiver that a new mail transaction is
   starting and to reset all its state tables and buffers, including any
   recipients or mail data.  The <reverse-path> portion of the first or
   only argument contains the source mailbox (between "<" and ">"
   brackets), which can be used to report errors.

That is practically all there is in rfc2821 about this issue.
              cu andreas