Re: recent spam to this list

To: debian-devel@lists.debian.org
Subject: Re: recent spam to this list
From: Michael Poole <mdpoole@troilus.org>
Date: Mon, 13 Oct 2003 09:57:22 -0400
Message-id: <[🔎] 87smlxqlz1.fsf@sanosuke.troilus.org>
In-reply-to: <[🔎] EHEOIEJMBFBKCKMPHFJKKEIDEFAA.lists@mehnle.net> (Julian Mehnle's message of "Mon, 13 Oct 2003 15:29:42 +0200")
References: <[🔎] EHEOIEJMBFBKCKMPHFJKKEIDEFAA.lists@mehnle.net>

Julian Mehnle writes:

> Don't you agree on my understanding of a sender address (or source
> mailbox) being the address (or source mailbox) the sender sends
> from?  If so, please state it explicitly, so I have something I can
> argue against. :-)

Mail is not sent from any particular address at all; it is sent by a
person or program.  It is delivered to one or more addresses.  The
From: address and SMTP and envelope sender addresses are for human
understanding and status reporting.

Forgery generally means to create written authorization that shows
false provenance.  A user who indicates status messages should go to
his own address is not forging that address, even if it is not an
obvious address given the user's hostname.

It probably is useful to perform checks on those addresses, to verify
that the administrator of the domain allows the sender to claim an
identity under the domain.  If such an authorization check fails,
forgery is just one possible explanation.

Michael

Reply to:

Follow-Ups:
- RE: recent spam to this list
  - From: "Julian Mehnle" <lists@mehnle.net>

References:
- RE: recent spam to this list
  - From: "Julian Mehnle" <lists@mehnle.net>

Prev by Date: Re: Packaging sysfsutils: static library?
Next by Date: reiser on /, fsck and ro: bug?
Previous by thread: RE: recent spam to this list
Next by thread: RE: recent spam to this list
Index(es):
- Date
- Thread