[EMAIL PROTECTED] wrote:
MUAs creating headers for their own internal purposes is a dangerous idea. But many do it. This may be the tip of the iceberg here.
Sure. Sending Outlook messages with flags, do-by dates, and "urgent"
status is an old trick. All those things are controlled by custom headers.
Maybe there's a way to protect headers from being pre-filled. How about
something like this?
Create header name spaces
    Not-For-Transfer-*:
    X-Not-For-Transfer-*:
(the second is a subset of the existing X-*: namespace).
Modify the SMTP standard to the effect that MTAs MUST strip all
[X-]Not-For-Transfer-*: headers.
I don't think this is an MTA-level problem. Why not just have the MUA
generate a random cookie for each account, similar to the "salt" Mozilla
uses for its cache directory, and use it as a prefix on all the headers
it creates? Then all headers that didn't have the right cookie could be
ignored. As long as the headers were stripped on bounced or forwarded
messages, spammers couldn't get hold of the cookie.
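
The per-account cookie idea in the reply above, sketched as an added example that is not part of the original thread or of any real MUA. The `X-MUA-` prefix, the function names and the sample message are assumptions made for illustration.

```python
import secrets
from email.message import EmailMessage

PREFIX = "X-MUA-"  # hypothetical prefix; the thread does not name one

def new_account_cookie() -> str:
    """Random per-account cookie, generated once and kept in the local profile."""
    return secrets.token_hex(8)

def set_internal(msg: EmailMessage, cookie: str, field: str, value: str) -> None:
    """Write an MUA-internal header under this account's cookie."""
    name = f"{PREFIX}{cookie}-{field}"
    del msg[name]  # no-op when absent; prevents duplicates
    msg[name] = value

def read_internal(msg: EmailMessage, cookie: str) -> dict:
    """Return internal fields carrying the right cookie; ignore all others."""
    want = f"{PREFIX}{cookie}-".lower()  # header names are case-insensitive
    return {name[len(want):]: value
            for name, value in msg.items() if name.lower().startswith(want)}

def strip_internal(msg: EmailMessage) -> EmailMessage:
    """Drop every internal header before a forward or bounce leaves the MUA."""
    for name in list(msg.keys()):
        if name.lower().startswith(PREFIX.lower()):
            del msg[name]
    return msg

def demo() -> tuple:
    cookie = "0123456789abcdef"  # fixed so the output is reproducible
    msg = EmailMessage()         # constructed incoming message
    msg["From"] = "sender@example.com"
    msg["Subject"] = "Quarterly numbers"
    msg["X-MUA-Flag"] = "urgent"                   # pre-filled, no cookie
    msg["X-MUA-ffffffffffffffff-Flag"] = "urgent"  # pre-filled, wrong cookie
    msg.set_content("body")
    set_internal(msg, cookie, "Flag", "follow-up")  # set locally by the user
    trusted = read_internal(msg, cookie)
    remaining = [h for h in strip_internal(msg).keys() if h.startswith(PREFIX)]
    return trusted, remaining

if __name__ == "__main__":
    print(demo())
```

Only the header written locally under the account's cookie is honoured; both sender-supplied `Flag` headers are ignored, and nothing under the prefix survives `strip_internal`.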