Hans Dieter Pearcey wrote:
> I mean what the OP said he was using it for: running various commands when
> messages are received.

But that can be something as soft as (as it turned out), a mailing list
response. Which was actually *my* first thought (unsurprisingly).

> I'm not talking about whether or not this is a bug in E::A; I'm addressing the
> design (flaws) of using E::A specifically and From header parsing generally to
> do this kind of authentication.

I figure using it for authentication is just fine. It's how much
authorization you credit to that sort of authorization that matters.

I had, to be honest, figured by the time we got this grossly into the
future (thank you, SpamAssassin), we'd be seeing spambots smart enough
to recognize mailing lists, and to match up incoming "From" addresses
with the mailing list address to successfully forge from-a-subscriber
mails. But we haven't, which probably says more about the decline of
mailing lists than about the sophistication of spammers, so it's still
fairly safe to trust a From line that you recognize. At least, given
some other basic spam filtering has taken place.