Re: [Evolution] Re: mail options

On Tue, 2005-08-23 at 13:31 -0500, Ron Johnson wrote:
Return Receipt, Priority & Message Read Receipt are very useful
when used judiciously, and I'm glad they are being implemented.

If by return receipt you mean the Return-Receipt-To: header then this
should not be implemented under any circumstances.  Thankfully very few
MTAs handle this now because it is a serious security problem - for
      * Say I had put that header on this message.  However the address
        I put in there was not my address, but your address.  How many
        return receipts would you be getting from this list?  Say I had
        copied the original message to some of the *big* lists.
      * If I had put that header with a mailbox I own as the target I
        would now have the subscription address of all the list members
        (that would probably be a breach of EU Data Protection
        legislation, although working out who is the guilty party would
        be a problem).
      * I write a spamming worm of some sort.  Each message it sends has
        a Return-Receipt-To: header aimed at an anti-spam organisation.

Return-Receipt-To: was a serious problem more than 10 years back.  Its
not got any better.

[ Nigel Metheringham           Nigel Metheringham InTechnology co uk ]
[ - Comments in this message are my own and not ITO opinion/policy - ]

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]