gnu-arch-users

Re: [Gnu-arch-users] [OT] the dangers of no reply-to munging


From: Jan Harkes
Subject: Re: [Gnu-arch-users] [OT] the dangers of no reply-to munging
Date: Fri, 22 Aug 2003 01:18:00 -0400
User-agent: Mutt/1.5.4i

On Wed, Aug 20, 2003 at 07:18:37AM -0700, Robert Anderson wrote:
> On Wed, 2003-08-20 at 00:52, Miles Bader wrote:
> > But if you'll read what I wrote above again, it doesn't really matter.
> > When the majority of Reply-To headers are munged, but a few aren't, then
> > you put the onus on the reader to notice that situation and get it right
> 
> Gah!  You're bringing a bias to this discussion that your way is right,
> and munging is wrong, and therefore the only "noticing" that has to be
> done is when the headers are munged.  But that's silly, I think, because
> most lists are munged.  I only have to "notice" on lists that aren't. 
> The argument is completely valid in either direction - it's just a
> matter of what you're used to.
...
On Wed, Aug 20, 2003 at 12:22:20AM -0700, Robert Anderson wrote:
> On Tue, 2003-08-19 at 12:38, Jan Harkes wrote:
> > Let's assume I intentionally wanted to respond to you in private with
> > this email, f.i. when I try to ask a stupid question and do not want
> > to look like a complete fool on the mailing list.
> > 
> > At the moment I can just hit reply-to and everything works fine...
> 
> This argument can be turned around for the _common case_ of replying to
> the _list only_.  In fact, that's what I do 99.9% of the time.  So,
> frankly, this whole line of reasoning leaves me totally cold and
> somewhat perplexed at the insistence that I should care about it.

Spam and viruses are getting more aggressive, and are often sent with
forged From: or Sender: headers. Receiving email systems are starting to
validate these headers to make sure that the IP address of the sending
host resolves to either the same domain or is a known MX (mail exchange)
for that domain. Anything that doesn't match is automatically rejected.
It is also important for bounces to have an accurate sender address at
the time of the SMTP transaction.

The logic behind this is not bad; the current SoBig outbreak would have
been mostly contained, and even those annoying virus alert bounces would
have ended up in the right mailboxes.

However, outgoing email either has to be relayed through a machine with a
fixed hostname/IP, or it has to be sent with a sender address that
matches the hostname of the machine. However, for many machines this
hostname changes whenever a new DHCP lease is acquired, or the machine
might only have intermittent network connectivity.

A mail relay is easily misconfigured and can be abused, and the dynamic
or temporary DNS name assigned by DHCP is not appropriate as a long-term
return address. On top of this, only trusted users are allowed to modify
the From address, and not everyone has the necessary administrative
access to change such a thing.

The only other way that an end user can make sure that replies can
be sent back to him is by setting the Reply-To: header. Now if the
mailing list throws away this information and happens to use it for its
own purposes, it is impossible to send a private reply. In other words,
simply discarding the information provided by Reply-To is very much
harmful.

Does that make _any_ sense?

Jan
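The sender check the message describes (accept only if the connecting host's reverse name lies in the envelope sender's domain, or its IP belongs to one of that domain's MX hosts), as an added example that is not part of the original post or of any real MTA. The PTR, A and MX tables, hostnames and addresses are constructed stand-ins for live DNS lookups; the last two calls reproduce the DHCP-laptop cases the message raises.

```python
# Constructed DNS data standing in for real PTR, A and MX lookups.
PTR = {
    "192.0.2.10": "relay.example.org",
    "192.0.2.25": "mx1.example.org",
    "198.51.100.77": "dhcp-77.isp.example.net",   # laptop on a DHCP lease
}
A = {
    "relay.example.org": ["192.0.2.10"],
    "mx1.example.org": ["192.0.2.25"],
    "mx2.example.org": ["192.0.2.26"],
    "dhcp-77.isp.example.net": ["198.51.100.77"],
}
MX = {
    "example.org": ["mx1.example.org", "mx2.example.org"],
}


def sender_domain(mail_from: str) -> str:
    """Domain part of an envelope sender such as '<jan@example.org>'."""
    return mail_from.strip("<>").rsplit("@", 1)[-1].lower()


def in_domain(host: str, domain: str) -> bool:
    """True if host is the domain itself or a name beneath it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def validate_sender(client_ip: str, mail_from: str) -> tuple[bool, str]:
    """Return (accept, reason) for one SMTP client / MAIL FROM pair."""
    domain = sender_domain(mail_from)
    # Check 1: forward-confirmed reverse DNS puts the client in the domain.
    name = PTR.get(client_ip)
    if name and in_domain(name, domain) and client_ip in A.get(name, []):
        return True, f"reverse name {name} is in {domain}"
    # Check 2: the client is one of the domain's published mail exchangers.
    for mx in MX.get(domain, []):
        if client_ip in A.get(mx, []):
            return True, f"client is MX {mx} for {domain}"
    return False, f"{client_ip} is neither in {domain} nor an MX for it"


if __name__ == "__main__":
    for ip, sender in [("192.0.2.10", "<jan@example.org>"),
                       ("192.0.2.26", "<jan@example.org>"),
                       ("198.51.100.77", "<jan@example.org>"),
                       ("198.51.100.77", "<jan@dhcp-77.isp.example.net>")]:
        print(ip, sender, validate_sender(ip, sender))
```

The third case is the one the message complains about: mail from the DHCP host with the user's real domain is rejected, and only the throwaway hostname passes.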
