--On Sunday, 17 June, 2007 20:28 -0400 "David F. Skoll"
<[EMAIL PROTECTED]> wrote:
>
> Robert A. Rosenberg wrote:
>
>> Given the single-mailbox constraint, the exposure of the
>> address in a for clause, should be a non-issue no matter how
>> the address ended up in the RCPT-TO envelope list (Address in
>> To/Cc/Bcc or via a mailing list subscribe) since the message
>> is being delivered to that single mailbox not more than one
>> mailbox at that domain.
>
> I gave an admittedly-contrived example of how this could be a
> major issue:
>
> MAIL FROM:<[EMAIL PROTECTED]>
> RCPT TO:<[EMAIL PROTECTED]>
> DATA
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Memo about stock-option vesting
>
> ...
>
>
> In other words, you may not want members of an alias to know
> which alias they're on.
But doesn't the current (as of 2821) warning under Security
Considerations adequately cover this case? If not, what
language would you suggest?
john
