On Thu, 30 Nov 2000, Samuel W. Heywood wrote: > > This is desirable. Imagine you're running an ISP and your > > customers can simply change their e-mail names at will. Many > > would believe they could send anonymous mail, and might be tempted > > to send spam under an assumed name, which you, the administrator > > would then have to deal with. > > <snip> > > Most email clients, including Arachne's Insight mailer will allow a sender > to change whatever appears in the "From" line. Doing this does not easily > enable one to get away with sending SPAM. The real email address of the > sender can be readily traced simply by examining the "full message headers". I didn't say it *would* allow it... only that it would lead some users to *believe* they could. That would inevitably lead to the admin having to respond to more complaints, and having to cancel more accounts. Would it be a significant number? Probably not. > There exist some perfectly legitimate reasons for one's wanting to change > his email address as it appears in the "From" line. Of course you're right... However, even with pine the way it is now, you could change your From: address to <$USER>@anything.you.want.invalid. Only the $USER part is immutable. > Suppose for example that you want to post a message to a newsgroup. Does anyone actually use pine for newsgroups??? ;-) > You wouldn't want a > spambot to easily harvest your email address simply by reading all the > "From" lines. If I wanted to post to a newsgroup, then it might make sense > to use as a "From" line "[EMAIL PROTECTED]". Instead, use [EMAIL PROTECTED], or even [EMAIL PROTECTED] again, both are possible with pine the way it is now. In the first example, the mail will never actually be sent because the shentel.net DNS won't have a valid IP listing for that name. In the second, the spammer's SMTP server won't even attempt to lookup the IP because it recognizes that .invalid as a top level domain is impossible. As I understand it, .invalid is the only top level domain with that distinction. In your example, all mail will be sent to shentel.net which will have to receive, parse, and bounce it with an attached "no such user" message. Your ISP still has to deal with the spam, even though such "dealing" is automated. Large volumes of that kind of mail can still load the servers. - Steve
