Margulies@CISL-SERVICE-MULTICS.ARPA ("Benson I. Margulies") (08/30/84)
Proposition: To the extent that a mailsystem is secure, that security is asssured by careful maintenance of envelope information by servers. If this statement is correct, then it follows: The presence of a Sender field prepared by the sending agent in the text is a convienience to aid in replies, but is not any good for security. Thus, a mail reading program should by default show the From field, which is the sender's advertised name, and the Envelope Sender in formation, which is the trustworthy name. The Sender field should only be used to send replies, or if the user explicitly asks after it. Is this consistent with other people's interpretations? --benson