Julian Mehnle wrote: > Andreas Metzler wrote: > > Julian Mehnle <[EMAIL PROTECTED]> wrote: > > > It's about forging an e-mail sender's identity. By preventing > > > the unauthorized use of domains as the sender domain of e-mails, > > > most of the practiced cases of identity forgery are prevented. > > > [...] > > > > If I send an e-mail over mail.nusrf.at with envelope-from > > [EMAIL PROTECTED] I am _not_ forging anything or making > > "unauthorized use of domains" > > Yes, you are. The envelope-from address is not a reply-to address, > it's a sender address. If you are sending from mail.nusrf.at, you > are not sending from logic.univie.ac.at. So you should not specify > <[EMAIL PROTECTED]> as the envelope-from address, or you'd > be forging it.
OK, I think I've thought of a sort of a counter-example: -------- I have a private server, and an account there. I have a friend with a private server, but I do NOT have an account on that box. (Unlikely but possible; I can think of one real-world case amongst people I know running private servers.) While at a LAN party at that friend's place, I check my mail on my server, and decide I want to reply to some of the messages. Since we're both on semi-dynamic IPs (connected 24/7, but not formally assigned static IP addresses), I haven't allowed SMTP relay from the IP my friend's server is on, because I don't really know what it is today/this week/this month. But his server allows relay mail from machines on his private network, so I use his server as a relay for my mail. I'm sending "from" myfriendsdomain.com's server, but I don't have an account there. I do, however, have an account [EMAIL PROTECTED] on my own server- to which I want all replies/bounces/etc to go to. -------- I'm not sure this actually has any direct relevance to this dicussion (which I gather is about a DNS-ish way to restrict which machines can relay mail for any particular domain, according to the wishes of that domain owner), but I think it might be a useful example. -kgd -- <erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.
