On 4/11/19 6:57 PM, Patrick wrote:
> Alternatively, accountability could be increased by marking the From address as do-not-reply and setting Reply-To with a subaddress,
How does that add accountability? I feel like it's still subject to address harvesting.
> e.g.
> b...@example.com -> filtered to spam
> bob+megac...@example.com -> delivered to inbox
Unfortunately too many MegaCorps balk at the "+" in the email address. Or at least WAY TOO MANY web forms do.
> If non-MegaCorp email arrives at bob+MegaCorp, the damage can be contained by filtering bob+MegaCorp and issuing a new token to MegaCorp.
You can achieve the same result with different email addresses too. This avoids the "+" character issue.
Or did you mean some sort of (loose) authentication ~> authorization by tying the from address to the receiving address?
I like this idea, and have used a form of it. But it has a weakness of MegaCorp outsourcing things to 3rd parties that send email legitimately on MegaCorp's behalf to you from an email address not associated to the receiving address.
-- Grant. . . . unix || die
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
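The per-sender token scheme discussed in this message, sketched as a delivery filter. This is an added example, not code from either poster; the token table, the `bob-mc7f` alias, and the `megacorp.example` / `mailer.example` domains are constructed, and the From header is trusted only as the "loose" check mentioned above.

```python
from email.utils import parseaddr

# Constructed sample data: token -> sender domains expected to use it.
# mailer.example stands for a third party sending on MegaCorp's behalf.
TOKENS = {
    "megacorp": {"megacorp.example", "mailer.example"},
    "mc7f": {"megacorp.example"},
}
# Plain aliases for web forms that reject "+", each mapped to a token.
ALIASES = {"bob-mc7f": "mc7f"}
# Tokens retired after a leak; a new token was issued to the sender.
REVOKED = {"oldshop"}


def token_for(recipient):
    """Return the per-sender token carried by a recipient address, or None."""
    local = parseaddr(recipient)[1].rpartition("@")[0].lower()
    if local in ALIASES:
        return ALIASES[local]
    _base, sep, tag = local.partition("+")
    return tag if sep and tag else None


def sender_domain(from_header):
    """Domain of the (unauthenticated) From address."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()


def classify(recipient, from_header):
    """Return 'inbox', 'spam', 'reject' or 'leak' for one message."""
    token = token_for(recipient)
    if token is None:
        return "spam"      # bare address is do-not-reply
    if token in REVOKED:
        return "reject"    # damage already contained
    allowed = TOKENS.get(token)
    if allowed is None:
        return "spam"      # token that was never issued
    dom = sender_domain(from_header)
    if any(dom == d or dom.endswith("." + d) for d in allowed):
        return "inbox"
    return "leak"          # token used by someone else: revoke and reissue
```

A "leak" verdict is the signal to move the token into `REVOKED` and hand the sender a new one; the third-party entry in `TOKENS` has to be maintained by hand, which is the weakness noted in the reply.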