Re: Accidental spoofing -> Re: [gentoo-dev] We Are All wltjr On This Blessed Day

[Aaron W. Swenson]

On 2017-12-05 10:51, Georg Rudoy wrote:
> From and Reply-To are two separate fields.

Yes, but that wasn’t what was being discussed. I was giving an example
as to why the From field should be editable in an email client.

I’ll set the Reply-To for emails to be directed to the proper contact
point, but it’s nonsensical to say it’s coming from a human point of
contact when it’s an “automated” message.

The Reply-To still wouldn’t be m...@example.com either. Rather, it’d be set to
customer-serv...@example.com, or whatever it needs to be. donotreply is
a succinct way of communicating that the recipient doesn’t or shouldn’t
have to reply to the email and that it’s an automated email.


signature.asc
Description: Digital signature

Re: Accidental spoofing -> Re: [gentoo-dev] We Are All wltjr On This Blessed Day

[Georg Rudoy]

On 05.12.17 at 15:14 user Aaron W. Swenson  wrote:
> One reason is to send from a nonexistent account to avoid getting
> replies in the first place.

>From and Reply-To are two separate fields.

But that, of course, depends on the way bans are implemented in the
maillist management software.


-- 
  Georg Rudoy

Re: Accidental spoofing -> Re: [gentoo-dev] We Are All wltjr On This Blessed Day

[Aaron W. Swenson]

On 2017-12-04 18:08, William L. Thomson Jr. wrote:
> On Mon, 4 Dec 2017 18:01:39 -0500
> "William L. Thomson Jr."  wrote:
> 
> > On Mon, 4 Dec 2017 14:43:15 -0800
> > Matt Turner  wrote:
> > >
> > > Sorry. I think I was confusing a number of irritating things you've
> > > done: email spoofing,  
> > 
> > That was a complete accident due to a new version of Kmail that had
> > the from field editable by default. It was NOT intentional. Not the
> > 1st time. The 2nd time was for confirmation. I was in disbelieve such
> > abuse was even possible with @gentoo.org addresses. That was a
> > shocking discovery given I have administrated mail severs for quite
> > some time. In part why I use ASSP.
> 
> I filed a bug with KDE on that but of course went WONTFIX. I think its
> horrible as it allows people to spoof, spam and do bad things...
> 
> Make From field in the composer read only
> https://bugs.kde.org/show_bug.cgi?id=373313
> 
> Me personally I would never make software or change it to allow people
> to make such a mistake. Others felt differently. I stopped using
> Kmail2. I use Claws-mail now, but it also has editable from field :(
> 
> Email clients should only allow email address that are in configured
> accounts. But that is my opinion. Others seem to feel differently. I
> cannot see any good reasons for such really.

One reason is to send from a nonexistent account to avoid getting
replies in the first place.

Like donotre...@example.com for order updates, confirmation emails, and
so on. A person doesn’t actually exist behind the email, but emails have
to say they’re coming from somewhere. And, a properly setup SMTP server
will need an credentials to send those email. If donotreply doesn’t
exist, then the account setup will (probably) have an email address that
differs from the one that’s used to compose the email.

I use it myself when I need to inform our customers about a change. I
don’t want to field hundreds of email personally, so I change the from
address.

So, email clients most definitely should allow an individual to change
the from field. It’s a good thing. But, like any other tool, it can be
used improperly.


signature.asc
Description: Digital signature

Accidental spoofing -> Re: [gentoo-dev] We Are All wltjr On This Blessed Day

[William L. Thomson Jr.]

On Mon, 4 Dec 2017 18:01:39 -0500
"William L. Thomson Jr."  wrote:

> On Mon, 4 Dec 2017 14:43:15 -0800
> Matt Turner  wrote:
> >
> > Sorry. I think I was confusing a number of irritating things you've
> > done: email spoofing,  
> 
> That was a complete accident due to a new version of Kmail that had
> the from field editable by default. It was NOT intentional. Not the
> 1st time. The 2nd time was for confirmation. I was in disbelieve such
> abuse was even possible with @gentoo.org addresses. That was a
> shocking discovery given I have administrated mail severs for quite
> some time. In part why I use ASSP.

I filed a bug with KDE on that but of course went WONTFIX. I think its
horrible as it allows people to spoof, spam and do bad things...

Make From field in the composer read only
https://bugs.kde.org/show_bug.cgi?id=373313

Me personally I would never make software or change it to allow people
to make such a mistake. Others felt differently. I stopped using
Kmail2. I use Claws-mail now, but it also has editable from field :(

Email clients should only allow email address that are in configured
accounts. But that is my opinion. Others seem to feel differently. I
cannot see any good reasons for such really.

-- 
William L. Thomson Jr.


pgpUDnCxn4EyP.pgp
Description: OpenPGP digital signature