[Mimedefang] Message header madness - was Re: SPF Usefulness (was Re: SNARE spam detection)

David F. Skoll dfs at roaringpenguin.com
Fri Jul 31 08:25:12 EDT 2009


Dieter Stussy wrote:

> Micro$oft Outlook Express makes it clear that it is to route replies
> to a mail box other than the mailbox account that originated them - in
> its help section.

Outlook's explanation is wrong.  From RFC 2822:

   The originator fields also provide the information required when
   replying to a message.  When the "Reply-To:" field is present, it
   indicates the mailbox(es) to which the author of the message suggests
   that replies be sent.  In the absence of the "Reply-To:" field,
   replies SHOULD by default be sent to the mailbox(es) specified in the
   "From:" field unless otherwise specified by the person composing the
   reply.

Note that in the absences of a Reply-To: field, replying to the From:
address is a SHOULD, not a MUST.  So the truly paranoid may wish always
to include a Reply-To: 

> but I stand by my view that a positive value (toward spaminess)
> should still be assigned when it is identical to the "From" header
> value.

That's not my experience.  For some spams, especially phishing spams,
Reply-To: is very different because the sender wants to trick the
recipient into replying to a throwaway address even if the purported From:
address looks official.

Regards,

David.



More information about the MIMEDefang mailing list