On Tuesday 15 August 2006 16:40, ken wrote:
William Gallafent wrote: [re Reply-To could be set to any email address!]
It's only OK for the originator of the message to do this, not just anybody!
And this makes a relevant difference how?
It doesn't make any difference to the problem of a user sending an email to an unexpected address by mistake ...
You might be overlooking the gravity of this "feature". Do you really think we should expect that everyone will examine carefully the headers of every they send?
No, I don't think we should expect that, sadly. It would be nice if we could. Asking a user to examine (and modify, if appropriate) the recipient addresses of an email about to be sent doesn't seem much to ask. If one has taken the time to write a message, one might as well take the time to decide who it will be sent to. Fortunately, it is only that user who is disadvantaged by his or her own carelessness. An MUA feature to warn if a reply is going to an address other than the "From:" of the incoming email (and perhaps even present the user with a choice from a list when "Reply" is pressed) would be useful in this context, and probably exists in some MUAs. Still, when I'm composing an email, the recipients are listed very clearly at the top of the window, so it's not difficult to sanity-check them before sending. Mischievous or malicious use of the Reply-To header, to "trick" people replying to a message in the way you suggest, will only affect incompetent users.
E.g., Should the list server do nothing with this added to an email: Reply-To: suse-linux-e-unsubscribe@suse.com ... or any number of others anyone might dream up?
The list server should indeed do nothing in this case. It is up to the author of a message to decide what goes in the Reply-To header of that message. It is also up to the author of a message to decide what goes in the recipient headers of that message. If the author's email client has put a recipient in that the author considers inappropriate, the author should remove that recipient before sending the message.
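
The MUA-side warning discussed in this message, sketched as an added example (not code from the thread or from any particular mail client). The function name check_reply, the sender address poster@example.org and both sample messages are constructed for illustration; only the Reply-To value is taken from the message above.

```python
from email import message_from_string
from email.utils import getaddresses


def _addrs(msg, header):
    """Lower-cased addresses from every occurrence of a header, order kept."""
    seen = []
    for _, addr in getaddresses(msg.get_all(header, [])):
        addr = addr.lower()
        if addr and addr not in seen:
            seen.append(addr)
    return seen


def check_reply(raw_message):
    """Work out where "Reply" would send, and flag targets that are not From."""
    msg = message_from_string(raw_message)
    sender = _addrs(msg, "From")
    reply_to = _addrs(msg, "Reply-To")
    targets = reply_to or sender          # Reply-To wins when it is present
    unexpected = [a for a in targets if a not in sender]
    # List a client could offer the user when "Reply" is pressed.
    choices = sender + [a for a in reply_to if a not in sender]
    return {"targets": targets, "unexpected": unexpected, "choices": choices}


# Constructed sample messages (hypothetical sender address).
REDIRECTED = """\
From: Some Poster <poster@example.org>
Reply-To: suse-linux-e-unsubscribe@suse.com
Subject: constructed sample

body
"""
PLAIN = """\
From: Some Poster <poster@example.org>
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for raw in (REDIRECTED, PLAIN):
        result = check_reply(raw)
        if result["unexpected"]:
            print("WARNING: reply goes to", result["unexpected"],
                  "- choose from", result["choices"])
        else:
            print("reply goes to", result["targets"])
```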