Hi!

I noted that the confirmation is sent to the envelope sender, which is right. Also, the confirmation is done *on* the envelope sender address. I think that the confirmed address should be taken from the "From:" or "Reply-to" headers, not from the envelope sender.

This causes a problem when two users use TMDA and one of them has a dated envelope sender (as I do). If he/she gets a confirmation request, he will respond, then the receiving end will confirm the dated address, not the sender address.

For example, I send a message to an unknown TMDA user. I have a configuration where my envelope sender address is dated, and the "From:" header is my real email address. As a reply, I get a confirmation message to the dated address, which will pass through. Unfortunately, when I respond to the message, it will confirm my *dated* address, not my real email address. This has really happened.

My opinion is that the confirmation should confirm the address that is in the "From" header (or "Reply-to"?), not the envelope sender. Is there any reason to confirm the envelope sender? Security? Someone could confirm other people's email?

BTW, another solution would be to confirm addresses without the added extra '+dated..' part. But since the delimiter is not a standard, the receiving end would not know what the sender's delimiter is.

-- 
Send replies to: [EMAIL PROTECTED]

_________________________________________________
tmda-workers mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-workers
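Added example, not part of the original post and not TMDA code: a small Python model of the three choices discussed above (confirm the envelope sender, confirm the "From:" header, or strip the extension with a guessed delimiter). The function names, the sample messages and the dated-tag format are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: one sender, two messages with different dated envelope
# senders. The tag format is illustrative, not TMDA's exact one.
RAW = """Return-Path: <alice+dated-1077450000.a1b2c3@example.org>
From: Alice <alice@example.org>
Subject: {subject}

body
"""
FIRST = RAW.format(subject="hello")
LATER = RAW.replace("1077450000.a1b2c3", "1077990000.d4e5f6").format(subject="follow-up")


def strip_extension(addr, delimiter):
    """Drop everything after the first delimiter in the local part."""
    local, _, domain = addr.partition("@")
    return local.split(delimiter, 1)[0] + "@" + domain


def sender_key(raw, policy, delimiter=None):
    """Address a confirmation records, or a later delivery looks up.

    policy "envelope" uses Return-Path, policy "from" uses the From header.
    """
    msg = message_from_string(raw)
    header = "Return-Path" if policy == "envelope" else "From"
    addr = parseaddr(msg[header])[1].lower()
    return strip_extension(addr, delimiter) if delimiter else addr


def passes_after_confirm(first, later, policy, delimiter=None):
    """Confirm `first`, then report whether `later` matches the confirmed set."""
    confirmed = {sender_key(first, policy, delimiter)}
    return sender_key(later, policy, delimiter) in confirmed


if __name__ == "__main__":
    for policy, delim in (("envelope", None), ("from", None), ("envelope", "+")):
        key = sender_key(FIRST, policy, delim)
        ok = passes_after_confirm(FIRST, LATER, policy, delim)
        print(f"{policy:8} delimiter={delim!r:5} confirms {key:45} later passes: {ok}")
    # A wrong delimiter guess truncates an unrelated real address.
    print(strip_extension("mary-ann@example.org", "-"))
```

Under the `from` policy the recorded key comes from a header that the confirmation round trip to the envelope sender never exercises, which is the security question the post raises. The last line shows the delimiter problem: a receiver guessing `-` maps `mary-ann@example.org` onto a different mailbox.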
