On 19-7-2012 3:05, clipka wrote:
> On 19.07.2012 00:40, andrel wrote:
>> On 18-7-2012 23:40, clipka wrote:
>>> On 18.07.2012 21:13, andrel wrote:
>>>> I am using a number of different e-mails. Sometimes I find it useful to
>>>> supply a ReplyTo: field. At our hospital e-mail is handled by an
>>>> Outlook2010 server, that will send out of office messages to the From:
>>>> field address and not the ReplyTo: . Today I noticed that also another
>>>> mail server (type unknown) does this. Anyone know if this behaviour is
>>>> correct, permitted, or a bug?
>>>
>>> From RFC 5322 (emphasis added):
>>> --------------------------------------------------------
>>> [...] When the "Reply-To:" field is present, it
>>> indicates the address(es) to which the author of the message
>>> SUGGESTS
>>> that replies be sent.
>>> --------------------------------------------------------
>>
>> Thanks, so it is from the permitted category. Silly but allowed.
>>
>> Any suggestion why you would prefer to not follow the suggestion?
>> Perhaps anything to do with SPAM?
>
> Might be. Verifying that the address in the "From:" field belongs to the
> sender of an e-mail is hard enough, but possible if people send their
> e-mail via their provider rather than directly to the destination.
There are some colleagues that I can not reach by their normal address
because their server insists that every mail server that I tried (my own
domain, my hospital, even Google) does not reply in a way that satisfies
that server. And I have had the same problem the other way around a few
years ago, when we had to resort to faxing papers to review because our
hospital refused the sender (without telling anybody, to make it worse).
So you do have a point, but it is even more complicated than you suggest
here.
> Verifying that the address in the "Reply-To:" field belongs to the
> sender as well is next to impossible, because those are often addresses
> from different providers. So an evildoer could send out messages with
> faked Reply-To: field to an address that's currently served by an OOO
> assistant, in order to swamp some other e-mail recipient with mails. And
> if the OOO assistant quotes the original mail it can even be misused for
> full-fledged spamming.
>
> Another thing to remember is that the "Reply-To:" field is not only used
> for rerouting replies, but also to have copies of a reply automatically
> sent to other people to whom the topic may concern, as you can put
> multiple addresses in there. If a mail server's OOO assistant would
> indeed reply to all addresses in the "Reply-To:" field, it could quite
> easily be misused for DOS attacks - against itself or against some other
> mail server.
That all sounds reasonable. Makes me want to fake a from field with
multiple addresses just to see how that is handled. But I won't.
Note that I do get e-mails from out of office and as undeliverable that
have a fake from field (i.e. mine).
All in all I think that for a (qualitatively) understaffed hospital like
ours you have enough arguments that it might probably be least
complicated to use the From: field. Thanks
--
tip: do not run in an unknown place when it is too dark to see the
floor, unless you prefer to not use uppercase.
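As an added example (not part of the original post, and not code from any mail server mentioned in it), here is a sketch of how an out-of-office responder could pick its target along the lines the thread settles on: answer the single From: address and never fan out to the Reply-To: list. The suppression checks for automatic mail (Auto-Submitted, Precedence, List-Id, null envelope sender) follow RFC 3834 conventions and are an assumption of this example, as are the function name and the constructed sample messages.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not taken from the thread).
NORMAL = ("From: Alice <alice@example.org>\n"
          "Reply-To: a@example.net, b@example.net, c@example.net\n"
          "Subject: Paper to review\n\nPlease have a look.\n")
AUTO = ("From: doctor@hospital.example\n"
        "Auto-Submitted: auto-replied\n"
        "Subject: Out of office\n\nI am away.\n")
TWO_FROM = ("From: x@example.org, y@example.org\n"
            "Subject: hello\n\nhi\n")


def autoreply_target(raw, envelope_sender, notified):
    """Return the one address an out-of-office reply may go to, or None.

    raw             -- message text including headers
    envelope_sender -- SMTP MAIL FROM value ("" or "<>" for bounces)
    notified        -- set of addresses already answered during this absence
    """
    msg = message_from_string(raw)

    # Never answer automatic mail with more automatic mail (loop prevention).
    if envelope_sender.strip() in ("", "<>"):
        return None
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return None
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return None
    if msg.get("List-Id"):
        return None

    # Use From: only. Reply-To: is ignored on purpose: it may list several
    # third-party addresses, and answering all of them would turn the
    # responder into a reflector.
    senders = [addr.lower()
               for _, addr in getaddresses(msg.get_all("From", []))
               if "@" in addr]
    if len(senders) != 1:
        return None  # ambiguous or missing author: stay silent

    # At most one notice per correspondent per absence.
    target = senders[0]
    if target in notified:
        return None
    notified.add(target)
    return target
```

The From: address can still be forged, so the single-recipient and once-per-sender limits bound the damage rather than remove it.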