On Fri, Nov 05, 2010 at 12:41:06PM -0700, Alejandro Facultad wrote:
> Thanks but, is it right if coming from Internet I enter to your mail
> server and after that I send a message from your mail account to your
> project manager's mail account telling he's an asshole ???
Don't confuse the envelope sender (which most recipients neither see
nor understand) with the "From:" header which most recipients do see
and don't understand.
The "From:" header is easily (and often legitimately) forged. For example,
the Postfix-users list sends your own posts to you, from the Internet. The
"From:" header still bears your address. Sure, the envelope sender is
not, but the risk you pose applies to the "From:" header not the envelope.
Applying policy restrictions to the "From:" header, is fraught with
complexity and peril. I don't want to get into the politics of SIDF, DKIM,
... the bottom line is that people largely have unrealistic expectations
of what email authentication technologies can do for them.
--
Viktor.
