POV-Ray: Newsgroups: povray.off-topic: How should a ReplyTo: be handled by an OutOfOffice message?: Re: How should a ReplyTo: be handled by an OutOfOffice message?

POV-Ray : Newsgroups : povray.off-topic : How should a ReplyTo: be handled by an OutOfOffice message? : Re: How should a ReplyTo: be handled by an OutOfOffice message?		Server Time 29 Jul 2024 02:34:57 EDT (-0400)

From: andrel
Date: 19 Jul 2012 15:18:27
Message: <50085D84.5060106@gmail.com>

On 19-7-2012 3:05, clipka wrote:
> Am 19.07.2012 00:40, schrieb andrel:
>> On 18-7-2012 23:40, clipka wrote:
>>> Am 18.07.2012 21:13, schrieb andrel:
>>>> I am using a number of different e-mails. Sometimes I find it useful to
>>>> supply a ReplyTo: field. At our hospital e-mail is handled by a
>>>> Outlook2010 server, that will send out of office messages to the From:
>>>> field address and not the ReplyTo: . Today I noticed that also another
>>>> mail server (type unknown) does this. Anyone know if this behaviour is
>>>> correct, permitted, or a bug?
>>>
>>>  From RFC 5322 (emphasis added):
>>> --------------------------------------------------------
>>>     [...] When the "Reply-To:" field is present, it
>>>     indicates the address(es) to which the author of the message
>>> SUGGESTS
>>>     that replies be sent.
>>> --------------------------------------------------------
>>
>> Thanks, so it is from the permitted category. Silly but allowed.
>>
>> Any suggestion why you would prefer to not follow the suggestion?
>> Perhaps anything to do with SPAM?
>
> Might be. Verifying that the address in the "From:" field belongs to the
> sender of an e-mail is hard enough, but possible if people send their
> e-mail via their provider rather than directly to the destination.

There are some colleagues that I can not reach by their normal address 
because their server insists that every mail server that I tried (my own 
domain, my hospital, even google) does no reply in a way that satisfies 
that server. And I have had the same problem the other way around a few 
years ago, when we had to resort to faxing papers to review because our 
hospital refused the sender (without telling anybody, to make it worse).
So you do have a point, but it is even more complicated than you suggest 
here.

> Verifying that the address in the "Reply-To:" field belongs to the
> sender as well is next to impossible, because those are often addresses
> from different providers. So an evildoer could send out messages with
> faked Reply-To: field to an address that's currently served by an OOO
> assistant, in order to swamp some other e-mail recipient with mails. And
> if the OOO assistant quotes the original mail it can even be misused for
> full-fledged spamming.
>
> Another thing to remember is that the "Reply-To:" field is not only used
> for rerouting replies, but also to have copies of a reply automatically
> sent to other people to whom the topic may concern, as you can put
> multiple addresses in there. If a mail server's OOO assistant would
> indeed reply to all addresses in the "Reply-To:" field, it could quite
> easily be misused for DOS attacks - against itself or against some other
> mail server.

That all sounds reasonable. Makes me want to fake a from field with 
multiple addresses just to see how that is handled. But I won't.
Note that I do get e-mails from out of office and as undeliverable that
have a fake from field (i.e. mine).

All in all I think that for a (qualitatively) understaffed hospital like 
ours you have enough arguments that it might probably be least 
complicated to use the From: field. Thanks

-- 
tip: do not run in an unknown place when it is too dark to see the 
floor, unless you prefer to not use uppercase.

Post a reply to this message