Aryeh Gregor wrote:
> On Sun, Jan 25, 2009 at 8:50 AM, Platonides <[email protected]> wrote:
>> The email should be at a From: header. Although I don't know if it's
>> logged or not.
>> In general, anyone responsible enough to set a From: header (with their
>> valid email) shouldn't get automatically blocked.
>
> A From: header? In HTTP? What standard specifies that header's
> existence and semantics? It's not at [[List of HTTP headers]].
I also thought that it was a confusion when I first saw it on HTTP
article at wikipedia.
RFC 2616 (HTTP/1.1) section 14.22
The From request-header field, if given, SHOULD contain an Internet
e-mail address for the human user who controls the requesting user
agent. The address SHOULD be machine-usable, as defined by "mailbox"
in RFC 822 [9] as updated by RFC 1123 [8]:
From = "From" ":" mailbox
An example is:
From: [email protected]
This header field MAY be used for logging purposes and as a means for
identifying the source of invalid or unwanted requests. It SHOULD NOT
be used as an insecure form of access protection. The interpretation
of this field is that the request is being performed on behalf of the
person given, who accepts responsibility for the method performed. In
particular, robot agents SHOULD include this header so that the
person responsible for running the robot can be contacted if problems
occur on the receiving end.
The Internet e-mail address in this field MAY be separate from the
Internet host which issued the request. For example, when a request
is passed through a proxy the original issuer's address SHOULD be
used.
The client SHOULD NOT send the From header field without the user's
approval, as it might conflict with the user's privacy interests or
their site's security policy. It is strongly recommended that the
user be able to disable, enable, and modify the value of this field
at any time prior to a request.
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
