On 14 Oct 2016, at 17:24, Petr Bena wrote:

Also I don't understand why mailing lists /have to/ work this way. I
know it's long-time established standard just like e-mails, but flawed
and people are abusing it, because it's extremely easy to do that.


Welcome to the Internet: where almost every seemingly strange standard practice is well-documented in a decades-old series of documents, many of which get new revisions every few years but which almost no one reads because they are too technically dense... RFC5598 (https://tools.ietf.org/html/rfc5598) is a great one that pulls together a lot of the info from more technically specific email-related RFCs into a Big Picture, but it's a bit longer than the average Tweet.

The RFC5321.MailFrom address is the address to which delivery failure messages are sent by MTAs. It makes sense for this to match the RFC5322.From for person-to-person messages but not for mailing lists, where the original authors of messages don't care much about the deliverability of their messages to each and every list member, while the list admin should care but rarely cares enough to handle all the bounces manually. Usually a mailing list RFC5321.MailFrom is unique to each message and recipient, so that bounces can be processed and reacted to by the mailing list software instead of requiring a human to figure out their provenance and decide whether a list member has been bouncing enough to be unsubbed. The human list members, on the other hand, want their MUAs to show them who the human author of a message is, canonically the RFC5322.From address. Complicating matters, different lists have different purposes and cultures, such that in many cases it makes the most sense for members to reply on-list but in others most or all replies should be off-list. Tangling it up even more, those pesky humans using mailing lists vary such that some prefer getting and/or sending replies off-list, some prefer on-list, and others perniciously insist on using "Reply All" and get snippy when others don't share their obsession with getting duplicates of messages replying to them.

Shorter: mailing lists work this way because decades ago, people tried simpler approaches and ran into various annoying edge and corner cases where simpler ways needed tweaking.


Mailing list daemon doesn't have to pretend that e-mail was sent by me
or someone else, it could as well send it from its own address
users@spamassassin.apache.org and write somewhere else that the mail was
sent by me to this list - in fact it could even hide the email or
somehow obfuscate it and keep just my real name, so that people wouldn't
be able to send spam in there.

Some mailing lists are starting to do that in response to the attempt by Yahoo and others to kill off open-access mailing lists with their "p=reject" DMARC policies. Many users hate that munging, because it means that their MUAs no longer can readily reply off-list, while merrily showing the sender UI clues that they are doing so.

Reply via email to