PHP, etc. only give you a "from" field, and the language then parses that out as the envelope sender. The only solution would be to hand- code all of your SMTP connections, and when it's a choice between that and using a single-fire function called mail(), 99% of web coders are going to opt for the easier solution.
Maybe users of those broken libraries should go and file some bug reports.
That's fine for an open project like PHP (which actually has some "additional parameters" that can be used to set the envelope sender), but doesn't help with others like ASP (or php running in Windows, which doesn't use sendmail, since there isn't one in windows). Nor does it help that most web coders don't seem to use the envelope sender options even when they exist)
Besides, it's still technically incorrect for my bank (or an online petition site, or whatever) to address an email FROM me. I didn't send it -- I may have requested that it be sent, but I didn't send it. It should be sent FROM them, and indicate via the reply-to header that replies should be sent to me.
anyway, no matter how it boils down, it's a matter of making the users (in this case, web programmers) understand the issue and fix their practices.
And by now this has gotten way off topic, so I'll shut up now. I'm all for SPF integration in courier, but until more people catch on to good sending practices, I can't enable it (or unfortunately, the freemail for my own domain).
-Chris
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
