On 2024-02-12 at 14:23:39 UTC-0500 (Mon, 12 Feb 2024 20:23:39 +0100) Thomas Walter via mailop <[email protected]> is rumored to have said:
> Hey Bill, > > On 12.02.24 17:31, Bill Cole via mailop wrote: >> On 2024-02-12 at 07:13:13 UTC-0500 (Mon, 12 Feb 2024 13:13:13 +0100) >> Thomas Walter via mailop <[email protected]> >> is rumored to have said: >> >>> There are other issues with this though. For example you are exposing >>> information you might not want to. >> >> Beyond that, it would enable both malicious reflection attacks and improper >> diversion of mail with very little visibility. > > > I am not sure I understand your concerns, how would those work? The mail server providing the redirection may not be doing what the original address owner OR the owner of the address to which they are redirecting actually wants. Redirection could allow malicious server operators to direct 3rd parties to send unwanted mail to an unrelated victim or to send wanted mail which should be private to those from which it is meant to be kept secret. There is no standard way to record such a redirection in a Received header or any other header which would document why a message was routed in a particular way and no way for the sending system to validate that the redirection is benign. -- Bill Cole [email protected] or [email protected] (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
