Re: [Slashcode-general] help me test my new plugin

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

It seems to me that the more likely case is that a naive recipient will
hit the reply button to thank the (human) sender for forwarding the
story. If the From: header doesn't contain the human sender's address,
the reply will go awry and the recipient of the story won't understand
why. Indeed, he or she might never know that the reply had gone into the
bit bucket.

Your heart is in the right place, but understand that there are
thousands of ways for abusive senders to mailbomb unwilling recipients.
Messing with the headers isn't a good way to prevent that. Better ways
to minimize such mischief might be to limit the number of times per hour
that any IP block can access the form, or permit only logged-in users to
use it and take the From address from users.realemail, so at least
you'll know that the From address is valid.

Regards,

Roger

On Wed, 2002-03-27 at 15:57, Eric Goldhagen wrote:
> Roger,
> 
> Thanks for the link to the RFC, I will read it over.
> 
> My original thinking on the from address was this:
> It makes it easier for someone to request that we don't allow people 
> to email them from our system. Someone who is angry (and not 
> tech-savvy) will most likely just hit reply, and if someone is 
> abusing the system they most likely are putting someone else's 
> address in the sender's address field as well. The only thing known 
> for sure is that the email is from my system. To allow an unverified 
> address in the from field seemed like asking for trouble.
> 
> --Eric
> 
> 
> At 3:23 PM -0500 3/27/02, Roger H. Goun wrote:
> >Eric Goldhagen writes:
> > > My mailit plugin is running and although it is not as polished as I
> > > would like, it is online for a public beta test.
> > >
> > > http://info.interactivist.net
> > >
> > > any criticism / comments are welcome.
> >
> >Looks very nice. I recommend bringing the email headers that this plugin
> >generates into compliance with RFC 2822:
> >
> >    ftp://ftp.rfc-editor.org/in-notes/rfc2822.txt
> >
> >Specifically, the From: header should contain the email address provided
> >by the user who asked to have the message sent, and the Sender: header
> >should contain in...@in..., the mailbox of the actual
> >transmitter of the message.
> >
> >See Section 3.6.2. of RFC 2822 for details.
> >
> >Regards,
> >
> >Roger
> 
> ------------
> http://www.abcnorio.org
> http://www.interactivist.net
> http://www.autonomedia.org
> http://www.nomadlab.com