On 12.02.24 21:21, Bill Cole via mailop wrote:
> The mail server providing the redirection may not be doing what the original address owner OR the owner of the address to which they are redirecting actually wants. Redirection could allow malicious server operators to direct 3rd parties to send unwanted mail to an unrelated victim or to send wanted mail which should be private to those from which it is meant to be kept secret. There is no standard way to record such a redirection in a Received header or any other header which would document why a message was routed in a particular way and no way for the sending system to validate that the redirection is benign.
As a sender I do have to trust all servers in the chain to the recipient anyway?
Any of those could be run by a malicious server operator. Even without redirection anything you describe could be done to those mails already.
A Received line might look like:

Received: from server.it.tried.to.send.to
    by redirecting.server (Postfix) with ESMTPS id 12345
    for <redirect...@example.org>;
    Mon, 12 Feb 2024 21:33:50 +0100 (CET)

Ah well, it's a theoretical discussion anyway.

Regards,
Thomas Walter

--
Thomas Walter
Datenverarbeitungszentrale

FH Münster
- University of Applied Sciences -
Corrensstr. 25, Raum B 112
48149 Münster

Tel: +49 251 83 64 908
Fax: +49 251 83 64 910
www.fh-muenster.de/dvz/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop