On 19.07.2012 00:40, andrel wrote:
> On 18-7-2012 23:40, clipka wrote:
>> On 18.07.2012 21:13, andrel wrote:
>>> I am using a number of different e-mails. Sometimes I find it useful to
>>> supply a ReplyTo: field. At our hospital e-mail is handled by an
>>> Outlook 2010 server, that will send out of office messages to the From:
>>> field address and not the ReplyTo: . Today I noticed that also another
>>> mail server (type unknown) does this. Anyone know if this behaviour is
>>> correct, permitted, or a bug?
>>
>> From RFC 5322 (emphasis added):
>> --------------------------------------------------------
>> [...] When the "Reply-To:" field is present, it
>> indicates the address(es) to which the author of the message SUGGESTS
>> that replies be sent.
>> --------------------------------------------------------
>
> Thanks, so it is from the permitted category. Silly but allowed.
>
> Any suggestion why you would prefer to not follow the suggestion?
> Perhaps anything to do with SPAM?
Might be. Verifying that the address in the "From:" field belongs to the
sender of an e-mail is hard enough, but possible if people send their
e-mail via their provider rather than directly to the destination.
Verifying that the address in the "Reply-To:" field belongs to the
sender as well is next to impossible, because those are often addresses
from different providers. So an evildoer could send out messages with
faked Reply-To: field to an address that's currently served by an OOO
assistant, in order to swamp some other e-mail recipient with mails. And
if the OOO assistant quotes the original mail it can even be misused for
full-fledged spamming.
Another thing to remember is that the "Reply-To:" field is not only used
for rerouting replies, but also to have copies of a reply automatically
sent to other people to whom the topic may concern, as you can put
multiple addresses in there. If a mail server's OOO assistant did
indeed reply to all addresses in the "Reply-To:" field, it could quite
easily be misused for DoS attacks - against itself or against some other
mail server.
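The policy clipka argues for above, written out as a small auto-responder target check. This is an added illustration, not code from either poster or from any mail server mentioned in the thread: the responder answers only a single From: address and ignores Reply-To:, and a separate function lists why a given Reply-To: header should not be trusted (several addresses, or addresses outside the From: domain). The sample messages, names and domains are constructed for the example; the function names are invented.

```python
"""Auto-responder target policy illustrating the thread above (added example,
not the posters' code): reply to the single From: address, never to Reply-To:,
because Reply-To: is easy to forge and may hold several addresses, which
would turn an out-of-office assistant into a reflector/amplifier."""
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages; every name and domain below is invented.
PLAIN_MSG = """From: Alice Example <alice@example.org>
Reply-To: alice.home@example.net
To: bob@hospital.example
Subject: Test

hello
"""

SUSPICIOUS_MSG = """From: Mallory <mallory@example.org>
Reply-To: victim1@target.example, victim2@target.example, victim3@target.example
To: bob@hospital.example
Subject: Out of office bait

hi
"""


def _addresses(msg, header):
    """Return the bare address parts of every mailbox listed in `header`."""
    return [addr for _name, addr in getaddresses(msg.get_all(header, [])) if addr]


def autoreply_target(raw):
    """Return the one address an auto-reply may go to, or None to stay silent.

    Policy (the one argued for in the thread): use From: only; a missing,
    empty or multi-address From: header means no automatic reply at all.
    """
    msg = message_from_string(raw)
    from_addrs = _addresses(msg, "From")
    if len(from_addrs) != 1:
        return None
    return from_addrs[0]


def reply_to_warnings(raw):
    """List the reasons a responder should not trust this message's Reply-To:."""
    msg = message_from_string(raw)
    from_addrs = _addresses(msg, "From")
    reply_to = _addresses(msg, "Reply-To")
    warnings = []
    if len(reply_to) > 1:
        # Replying to all of them would let one mail fan out to many targets.
        warnings.append("multiple Reply-To addresses (%d)" % len(reply_to))
    from_domains = {a.rsplit("@", 1)[-1].lower() for a in from_addrs}
    for addr in reply_to:
        # A Reply-To: at another provider cannot be tied to the sender.
        if addr.rsplit("@", 1)[-1].lower() not in from_domains:
            warnings.append("Reply-To %s is outside From domain(s)" % addr)
    return warnings


if __name__ == "__main__":
    for label, raw in (("plain", PLAIN_MSG), ("suspicious", SUSPICIOUS_MSG)):
        print(label, "->", autoreply_target(raw), reply_to_warnings(raw))
```

Run it as a script to see both constructed messages classified; a real responder would call `autoreply_target` and send nothing when it returns None, and could log `reply_to_warnings` for later review.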