Received: from localhost (daemon@localhost) 
        by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id PAA12574; Sun, 19 Jan 1997 15:13:02 -0500
Received: by CS.UTK.EDU (bulk_mailer v1.7); Sun, 19 Jan 1997 15:12:46 -0500
Received:  
        by CS.UTK.EDU (cf v2.9s-UTK)
	id PAA12533; Sun, 19 Jan 1997 15:12:45 -0500
Received: from dumbcat.codewright.com (dumbcat.codewright.com [204.94.187.130]) 
        by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id PAA12527; Sun, 19 Jan 1997 15:12:42 -0500
Received: from localhost.codewright.com by dumbcat.codewright.com (4.1/smail-24May90)
	id AA07262; Sun, 19 Jan 97 12:12:40 PST
To: DRUMS Mailing List <drums@cs.utk.edu>
Subject: Re: comments on draft-ietf-drums-MHRegistry-00.txt
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 19 Jan 1997 12:12:39 -0800
Message-Id: <7260.853704759@dumbcat.codewright.com>
From: Marco S Hyman <marc@dumbcat.codewright.com>

>> It also creates a security
>> problem -- someone can find out if you're on a mailing list by sending
>> mail to that list with a request for a "return receipt" from you.
>
>Just to clear up this misconception: Notice-Requested-Upon-Delivery-To
>produces a success notice back to the envelope sender. So your attack
>fails.

There is at least one type of mailing list (or possibly news-to-mail
gateway) software out there that delivers messages with the same
"MAIL From" as the original sender.  I discovered this when trying
to find out why an MH .maildelivery wouldn't file messages based upon
their source.

// marc