Received: from localhost (daemon@localhost) 
        by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id KAA09739; Wed, 26 Mar 1997 10:26:52 -0500
Received: by CS.UTK.EDU (bulk_mailer v1.7); Wed, 26 Mar 1997 10:24:04 -0500
Received:  
        by CS.UTK.EDU (cf v2.9s-UTK)
	id KAA09445; Wed, 26 Mar 1997 10:24:02 -0500
Received: from grinch.whoville.leftbank.com (grinch.leftbank.com [139.167.128.2]) 
        by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id KAA09435; Wed, 26 Mar 1997 10:23:55 -0500
Received: from zax.whoville.leftbank.com by grinch.whoville.leftbank.com
          via smtpd (for CS.UTK.EDU [128.169.94.1]) with SMTP; 26 Mar 1997 15:23:53 UT
Received: (from cos@localhost) by zax.leftbank.com (8.7.5/8.7.3/LeftBank-1.1/http://www.leftbank.com/) id KAA06071 for drums@cs.utk.edu; Wed, 26 Mar 1997 10:24:25 -0500 (EST)
From: Ofer Inbar <cos@leftbank.com>
Message-Id: <199703261524.KAA06071@zax.leftbank.com>
Subject: Re: Null reverse path on non-error messages
To: drums@cs.utk.edu
Date: Wed, 26 Mar 1997 10:24:24 -0500 (EST)
In-Reply-To: <199703260313.WAA20284@ig.cs.utk.edu> from "Keith Moore" at Mar 25, 97 10:13:34 pm
Organization: The Left Bank Operation - http://www.leftbank.com/
Reply-To: cos@leftbank.com
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

> Such a thing might be useful, but not by itself.
> People would just put apparently-valid addresses there.
> What we really need are rules like:
> 
> 1. MUST have a valid address in the MAIL FROM command.
>    (valid means you can send mail to it and it will get there)
> 2. MUST NOT use MAIL FROM:<> except for automatic responses
> 3. MUST NOT send mail from somebody else's address w/o (a) authorization
>    from that person and (b) putting your own address in the Sender 
>    header field
> 4. even if you use a pseudonym as a return address (whether MAIL FROM or 
>    Sender or From), you're still responsible for whatever you send.
> 
> I could see having DRUMS state something like #1 and #2, as being
> clarifications of existing protocol features.  #3 and
> #4 seem out of scope for this WG, but at least #1 and #2 are a step
> in the right direction.

If we make the rules too numerous and specific, circumstances will
overtake us and the rules will become burdensome limitations.  What
doesn't make sense now may make sense in the future, so it's better to
have rules that are more general and flexibly applied, rather than a
point-by-point list.

For rule #1: What if I'm writing email on behalf of my friend who does
not have an account - the email cannot be replied to.  I set the
Sender: to me, and I leave a comment in the From: with my friend's name.
Is that illegal?

For rule #2: Well, I can't think of any counterexamples right now, but
the wording still makes me uncomfortable.  Shouldn't it be something
like, "only where necessary to prevent loops in case of error", or
something like that.  It may not *always* be "automatic" responses
(whatever that means) that make this necessary...

  --  Cos (Ofer Inbar)  --  cos@leftbank.com  cos@cs.brandeis.edu
 The law, in its majestic impartiality, forbids the rich as well as the poor
 to sleep under bridges, to beg in the streets, and to steal bread.
                                --Anatole France