RE: recent spam to this list
Andreas Metzler wrote:
> Julian Mehnle <firstname.lastname@example.org> wrote:
> > Andreas Metzler wrote:
> > > If I send an e-mail over mail.nusrf.at with envelope-from
> > > email@example.com I am _not_ forging anything or making
> > > "unauthorized use of domains"
> > Yes, you are. The envelope-from address is not a reply-to address,
> > it's a sender address. If you are sending from mail.nusrf.at, you
> > are not sending from logic.univie.ac.at. So you should not specify
> > <firstname.lastname@example.org> as the envelope-from address, or you'd
> > be forging it.
> No, I am just specifying where I want bounces to go to.
> MAIL FROM:<reverse-path> [SP <mail-parameters> ] <CRLF>
> This command tells the SMTP-receiver that a new mail transaction is
> starting and to reset all its state tables and buffers, including any
> recipients or mail data. The <reverse-path> portion of the first or
> only argument contains the source mailbox (between "<" and ">"
> brackets), which can be used to report errors.
There you have it. It's the "source mailbox", and while it can be used to report errors, it can *not only* be used to report errors. I'm relieved that the RFC doesn't contradict my common sense understanding of a "sender address".