As I was thinking more about this thread, something occurred to me.
I wondered, what about external sources that generate email on behalf of a
user, where the user keys in their email address as the sender... For
example, sites that let you send "E-Cards" and such, where you type in your
address as the sender. If one of my users did something like that, would
the rule discussed in this thread reject the mail as "forged"?
I looked specifically at the American Greetings site, at their e-cards, and
sent myself a test e-card, to observe the header I would receive. That site
puts a "Sender:" line in the header just before the "From:" line, like this:
Sender: <[EMAIL PROTECTED]>
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
My email client displays it as:
From: [EMAIL PROTECTED]; on behalf of; Cormack, Ken
Looking at my log entries for this email, I was pleasantly surprised to see
that sendmail and/or MIMEDefang, are recording the "Sender:" as the $sender,
and I assume that if "Sender:" is not present, "From:" is used by MD as
$sender, as that is what I've seen logged and evaluated in the past.
Could anyone validate this observation?
I'm trying to think of ways that legitimate emails might be broken by
implimenting the rule discussed in this thread (such as one of my users
having a third-party web-site generate an email on behalf of the user.)
Ken
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
