On Tue, 2005-08-23 at 13:31 -0500, Ron Johnson wrote:
> Return Receipt, Priority & Message Read Receipt are very useful
> when used judiciously, and I'm glad they are being implemented.
If by return receipt you mean the Return-Receipt-To: header then this
should not be implemented under any circumstances. Thankfully very few
MTAs handle this now because it is a serious security problem - for
example:-
* Say I had put that header on this message. However the address
I put in there was not my address, but your address. How many
return receipts would you be getting from this list? Say I had
copied the original message to some of the *big* lists.
* If I had put that header with a mailbox I own as the target I
would now have the subscription address of all the list members
(that would probably be a breach of EU Data Protection
legislation, although working out who is the guilty party would
be a problem).
* I write a spamming worm of some sort. Each message it sends has
a Return-Receipt-To: header aimed at an anti-spam organisation.
Return-Receipt-To: was a serious problem more than 10 years back. Its
not got any better.
Nigel.
--
[ Nigel Metheringham [EMAIL PROTECTED] ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
_______________________________________________
evolution maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/evolution
