Re: SPF = Sender Policy Framework

From: Mark Marcus (mark_at_agentnews.sales.xhome.us)
Date: 09/22/04 

Date: Wed, 22 Sep 2004 06:55:48 -0700

On Wed, 22 Sep 2004 10:43:35 +0200, "Alexander W. Skwar"
<from@alexander.skwar.name> wrote:

>Maurice Janssen wrote:
>> In comp.os.linux.security, Alexander W. Skwar wrote:
>>
>>>Well, the envelope should match the headers. If there's a
>>>
>>>To: foo@serverA
>>>
>>>the envelope should contain
>>>
>>>RCPT TO foo@serverA
>>
>>
>> What if I send an email to someone@domain1.net with a CC to
>> somebody@domain2.net. The mail will be deliverd to the MX of
>> domain2.net with RCPT TO somebody@domain2.net while the To: header in
>> the DATA phase says To: someone@domain1.net.
>
>Well, you will deliver two mails.
>
>Server1:
>RCPT TO: someone@domain1
>To: someone@domain1
>Cc: somebody@domain2
>
>Server2:
>RCPT TO: somebody@domain2
>To: someone@domain1
>Cc: somebody@domain2
>
>> Ergo: no match.
>
>Wrong.
>
>Alexander Skwar

This is where those two problems come up: BCC and Groups/Mailing
Lists. Suppose that someone belong to a mailing list called "Stock
Automobiles"

RCPT TO someone@domain1
DATA
To: Stock Automobiles

No match, right? One can argue "well all they have to do is expand
the Group List..." but then that violates the inherent privacy for all
the members of the list and loses the information that the target was
the list.

Also consider the BCC:

RCPT TO someone@domain1
DATA
To: someone2@domain2

The argument I've heard was "well, don't use BCC." But that loses
functionality as described in RFC 822, RFC 2821, etc.

So like I said before, although the SMTP protocol can support this
type of matching, it really isn't workable. (By the way, we can't
translate BCC:'s to TO:'s because that flies in the face of RFC 2821).

Mark Marcus
Protect Your Email Address and Make Money too!
http://www.xhome.org My Sales Code is 22819

Relevant Pages

  • Re: SPF = Sender Policy Framework
    ... >RCPT TO: somebody@domain2 ... This is where those two problems come up: BCC and Groups/Mailing ... Lists. ... functionality as described in RFC 822, RFC 2821, etc. ...
    (comp.os.linux.misc)
  • Re: tcllib mime smtp proc sends BCC mail copies as attachments
    ... body to each recipient in the BCC list as for the TO list. ... secondary recipients and bcc recipients. ... RCPT per envelope), but each 'session' goes something like this: ... sensitive email lists to verify how their clients and servers work, ...
    (comp.lang.tcl)
  • Re: Outlook Express Group Mailings
    ... To use the BCC feature, In Create Mail, either ... Members, and then click a name from the Address Book list. ... To use a directory service, click Select Members, and then ... to send a single email to a group where the "To:" lists an individual ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: hiding / replace To: email addresses ...
    ... and when i get email all addresses are shown in header To: ... You are on the right lines, Bcc is the thing to use and it does go in the ... as first parameter to mail? ... from and possibly CC lists. ...
    (comp.lang.php)
  • =?Windows-1252?Q?Re:_Winsock-Erg=E4nzung_mit_BCC?=
    ... für cen BCC dann wohl ein RCPT TO: Header, also dort, wo heute "RCPT TO:" steht. ... Microsoft MVP Office Access ...
    (microsoft.public.de.access)