On 2008-05-22 15:34:10 -0400, John Leslie wrote:
> Peter J. Holzer <[EMAIL PROTECTED]> wrote:
> > I think most people these days use a web interface to subscribe to
> > mailing-lists. People probably don't know their current BATV address, so
> > a user will enter '[EMAIL PROTECTED]' into the web form. He will get
> > the confirmation mail to this address, click on the confirmation url,
> > and get all the mails delivered to this address.
>
>    Note that the opt-in confirmation presumably _will_ contain a
> BATV-coded MailFrom.

The user may not ever send a confirmation mail. For example,
confirmation requests sent by mailman look like this:

| We have received a request from 192.0.2.7 for subscription of your
| email address, "[EMAIL PROTECTED]", to the [EMAIL PROTECTED]
| mailing list. To confirm that you want to be added to this mailing
| list, simply reply to this message, keeping the Subject: header
| intact. Or visit this web page:
|
|     http://example.net/mailman/confirm/community/59cf758b185b8c0dc5487b58321fc83fbe042ede
| [...]

I am sure many users will confirm by clicking on the URL and not by
replying to the message. So the mailing list software will not see the
BATV-coded MailFrom.

> > So it appears to work fine. Until he actually tries to send mail to the
> > list - the mail comes from [EMAIL PROTECTED], which
> > doesn't match the address he's subscribed with, so it will be rejected.
>
>    To tell truth, that's broken.
>
>    Requiring a MailFrom you've never seen isn't nearly as reasonable as
> requiring a 2822-From you have seen.

Actually, you haven't seen either a 2821-MailFrom or a 2822-From yet.
What you have seen is a 2821-RcptTo (You know that this works because
the user was able to click on the link in the message).

>    Nonetheless, if we observe such behavior in the wild,

ezmlm is the canonical example. Ned tells us that his mailing lists use
the envelope, too. I don't know if either uses a web-based subscription
mechanism like mailman, but I suspect they do.

> we should at the very least warn about it; and IMHO we should design
> in a workaround.

That's why I mentioned it.

        hp

-- 
   _  | Peter J. Holzer    | It took a genius to create [TeX],
|_|_) | Sysadmin WSR       | and it takes a genius to maintain it.
| |   | [EMAIL PROTECTED]  | That's not engineering, that's art.
__/   | http://www.hjp.at/ |    -- David Kastrup in comp.text.tex
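
Added example, not part of the original message and not code from mailman or ezmlm: a sketch of the mismatch discussed above, where a list that checks the envelope sender against the address typed into a web form rejects a BATV-tagged MailFrom. The tag layout prvs=KDDDSSSSSS=local@domain is taken from the BATV draft as an assumption, and every address and function name is constructed for illustration.

```python
import re

# Assumed BATV "prvs" local-part layout: prvs=KDDDSSSSSS=original-local-part
# K = key digit, DDD = expiry day, SSSSSS = hex of a truncated HMAC.
PRVS_RE = re.compile(r"^prvs=[0-9]{4}[0-9a-f]{6}=(?P<local>.+)$", re.IGNORECASE)

# Constructed sample: the address the user typed into the web form.
SUBSCRIBERS = {"user@example.org"}


def split_address(addr):
    """Split on the last '@'; the domain is compared case-insensitively."""
    local, _, domain = addr.strip().strip("<>").rpartition("@")
    return local, domain.lower()


def strip_batv(addr):
    """Return addr with a prvs tag removed from the local part, if present.

    The list cannot verify the signature (it has no key); this only
    recovers the untagged address for the membership comparison.
    """
    local, domain = split_address(addr)
    match = PRVS_RE.match(local)
    if match:
        local = match.group("local")
    return f"{local}@{domain}"


def naive_is_subscriber(mail_from, subscribers=SUBSCRIBERS):
    """Envelope check as described in the thread: exact address match."""
    local, domain = split_address(mail_from)
    return f"{local}@{domain}" in subscribers


def batv_aware_is_subscriber(mail_from, subscribers=SUBSCRIBERS):
    """Hypothetical workaround: compare after removing the BATV tag."""
    return strip_batv(mail_from) in subscribers


if __name__ == "__main__":
    tagged = "<prvs=0123abcdef=user@example.org>"  # constructed envelope sender
    print("naive check:     ", naive_is_subscriber(tagged))
    print("BATV-aware check:", batv_aware_is_subscriber(tagged))
```
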
