Re: [Evolution] Re: mail options

From: Nigel Metheringham <nigel metheringham dev intechnology co uk>
To: evolution lists ximian com
Subject: Re: [Evolution] Re: mail options
Date: Wed, 24 Aug 2005 08:59:38 +0100

On Tue, 2005-08-23 at 13:31 -0500, Ron Johnson wrote:

Return Receipt, Priority & Message Read Receipt are very useful
when used judiciously, and I'm glad they are being implemented.


If by return receipt you mean the Return-Receipt-To: header then this
should not be implemented under any circumstances.  Thankfully very few
MTAs handle this now because it is a serious security problem - for
example:-
      * Say I had put that header on this message.  However the address
        I put in there was not my address, but your address.  How many
        return receipts would you be getting from this list?  Say I had
        copied the original message to some of the *big* lists.
      * If I had put that header with a mailbox I own as the target I
        would now have the subscription address of all the list members
        (that would probably be a breach of EU Data Protection
        legislation, although working out who is the guilty party would
        be a problem).
      * I write a spamming worm of some sort.  Each message it sends has
        a Return-Receipt-To: header aimed at an anti-spam organisation.

Return-Receipt-To: was a serious problem more than 10 years back.  Its
not got any better.

        Nigel.
-- 
[ Nigel Metheringham           Nigel Metheringham InTechnology co uk ]
[ - Comments in this message are my own and not ITO opinion/policy - ]

Follow-Ups:
- Re: [Evolution] Re: mail options
  - From: Adam Tauno Williams

References:
- [Evolution] mail options
  - From: Riccardo Escher
- [Evolution] Re: mail options
  - From: Yavor Doganov
- Re: [Evolution] Re: mail options
  - From: Ron Johnson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]