bob@MorningStar.Com (Bob Sutterfield) (03/11/91)
By an unreplyable address, I mean an address to which mail cannot be sent, but which is found in the From: or Reply-To: header line of a mail or news message. Common and obvious examples are simply malformed non-addresses (e.g. joe@undotted-name or site!joe or joe%site); but more subtle ones include well-formed addresses that are continually inaccessible, such as those for which valid MX records are available but which direct the SMTP socket toward an un"connected" network (e.g. pentagon-ai.army.mil). The only explicit reference I can find to unreplyable From: lines is in RFC1123, section 5.3.7(D) of the discussion of gatewaying between the Internet and other mail systems, where we find that `... all addresses ... must be effective and useful for sending replies.' (Note that 5.3.7 discusses mail that crosses mail network boundaries, but not Internet-only mail!) This is at least a bit more explicit than RFC822, section 4.4.1 of the discussion of the From: field, where we see that `... addresses in the "From" field must be machine-usable (addr-specs) ...' One might broadly interpret "machine-usable" to mean "accessible via SMTP and the DNS", but that seems to be stretching the interpretation a bit further than most Talmudic scholars of the RFCs would prefer. I think that most mail users and administrators would agree that unreplyable From: or Reply-To: lines are Wrong. Why is there no stronger and more specific prohibition?
tneff@bfmny0.BFM.COM (Tom Neff) (03/11/91)
In article <BOB.91Mar10163331@volitans.MorningStar.Com> bob@MorningStar.Com (Bob Sutterfield) writes: >I think that most mail users and administrators would agree that >unreplyable From: or Reply-To: lines are Wrong. Why is there no >stronger and more specific prohibition? It seems impracticable to burden every forwarding agent with the responsibility of verifying origination headers. The locus of prohibition should be the sender's site, where verification is inexpensive and sanctions are immediate and least-disruptive. Let us see a rundown of the most common kinds of unreplyable origination header, along with where they come from and what causes them. Then the right thing to do will suggest itself.