  Re: How should a ReplyTo: be handled by an OutOfOffice message?  
From: clipka
Date: 18 Jul 2012 21:05:37
Message: <50075d61@news.povray.org>
On 19.07.2012 00:40, andrel wrote:
> On 18-7-2012 23:40, clipka wrote:
>> On 18.07.2012 21:13, andrel wrote:
>>> I am using a number of different e-mails. Sometimes I find it useful to
>>> supply a ReplyTo: field. At our hospital e-mail is handled by an
>>> Outlook2010 server, that will send out of office messages to the From:
>>> field address and not the ReplyTo: . Today I noticed that also another
>>> mail server (type unknown) does this. Anyone know if this behaviour is
>>> correct, permitted, or a bug?
>>
>> From RFC 5322 (emphasis added):
>> --------------------------------------------------------
>>     [...] When the "Reply-To:" field is present, it
>>     indicates the address(es) to which the author of the message SUGGESTS
>>     that replies be sent.
>> --------------------------------------------------------
>
> Thanks, so it is from the permitted category. Silly but allowed.
>
> Any suggestion why you would prefer to not follow the suggestion?
> Perhaps anything to do with SPAM?

Might be. Verifying that the address in the "From:" field belongs to the 
sender of an e-mail is hard enough, but possible if people send their 
e-mail via their provider rather than directly to the destination. 
Verifying that the address in the "Reply-To:" field belongs to the 
sender as well is next to impossible, because those are often addresses 
from different providers. So an evildoer could send out messages with 
a faked Reply-To: field to an address that's currently served by an OOO 
assistant, in order to swamp some other e-mail recipient with mails. And 
if the OOO assistant quotes the original mail it can even be misused for 
full-fledged spamming.

Another thing to remember is that the "Reply-To:" field is not only used 
for rerouting replies, but also to have copies of a reply automatically 
sent to other people whom the topic may concern, as you can put 
multiple addresses in there. If a mail server's OOO assistant did 
indeed reply to all addresses in the "Reply-To:" field, it could quite 
easily be misused for DoS attacks - against itself or against some other 
mail server.
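
An added example, not part of the post above: a sketch of how an out-of-office responder can choose its destination so that a forged or multi-address Reply-To: cannot redirect or fan out its notices, following the recommendations of RFC 3834 (answer the envelope sender only, never answer automated or list mail, one notice per sender). The function name, its parameters and the sample message are constructed for illustration; the envelope sender is assumed to be handed over by the MTA.

```python
from email import message_from_string
from email.utils import getaddresses

BULK_PRECEDENCE = {"bulk", "junk", "list"}

def auto_reply_target(raw, envelope_sender, my_addresses, answered):
    """Return the one address an OOO notice may go to, or None to stay silent.

    envelope_sender: SMTP MAIL FROM as handed over by the MTA (assumed input).
    answered: set of senders already notified, kept by the caller.
    """
    msg = message_from_string(raw)
    sender = (envelope_sender or "").strip().strip("<>").lower()
    if not sender or sender.startswith("mailer-daemon@"):
        return None  # null return path or bounce: answering would loop
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return None  # never answer another robot
    if (msg.get("Precedence") or "").strip().lower() in BULK_PRECEDENCE:
        return None
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return None  # mailing-list traffic
    addressed = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if not {a.lower() for _, a in addressed} & {a.lower() for a in my_addresses}:
        return None  # we were only a Bcc or list recipient
    if sender in answered:
        return None  # one notice per sender; the caller expires entries
    answered.add(sender)
    # Reply-To and From are deliberately never consulted as destinations.
    return sender

# Constructed sample: the Reply-To field names two third parties.
SPOOFED = """\
From: Someone <someone@sender.example>
Reply-To: a@victim.example, b@victim.example
To: user@hospital.example
Subject: hello

body
"""

if __name__ == "__main__":
    seen, me = set(), ["user@hospital.example"]
    print(auto_reply_target(SPOOFED, "<someone@sender.example>", me, seen))
    print(auto_reply_target(SPOOFED, "<someone@sender.example>", me, seen))
```

The notice itself should carry `Auto-Submitted: auto-replied` and should not quote the original message, so that other responders stay silent and the reply cannot be used to relay content.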

