[Mimedefang] How to change envelope sender?

kd6lvw at yahoo.com kd6lvw at yahoo.com
Mon May 6 15:37:33 EDT 2013

--- On Mon, 5/6/13, Les Mikesell <lesmikesell at gmail.com> wrote:
> On Mon, May 6, 2013 at 1:29 PM, <kd6lvw at yahoo.com> wrote:
> > --- On Mon, 5/6/13, Les Mikesell <lesmikesell at gmail.com> wrote:
> >> How so, when they add setup and processing effort and don't add value?
> >>  It is the content that determines whether I think something is spam
> >> or want to read it, not the mechanics of how the message was sent or
> >> the forwarding path (which I may have set up myyself).
> >
> > So you claim that message forgery isn't a problem?  Get a clue.
> No, but I claim that wasting time and effort on things that don't
> solve the problem are a waste of time and effort.  So you claim the
> problem is solved?   Does an end-user recipient have a standard way of
> seeing who thinks any particular message was forged and why?

These do solve a problem - a different but related problem which coexists with the one you target.  Due to overlap, by itself it does eliminate much of your problem messages too.  That doesn't mean it's not useful.

A standard way:  See RFC 5451 - "Authentication-Results:" header.
Title:  "Message Header Field for Indicating Message Authentication Status."

Spammy content is not the only type of malicious message out there.  Forged messages are clearly malicious yet need not be spammy at all.  Content alone need not indicate the maliciousness of a message.

> > I agree that spaminess and source authentication are
> separate issues, but most recipients don't want forged
> messages either, spam or not.
> Do you agree that end user recipients should have the final decision
> about message disposition?   And that they probably do want forwarded
> messages whether or not the forwarder handles them in a way you deem
> appropriate?

No, because some types of scanning and responses can only be administered site-wide by the administrator (i.e. the software configuration) which cannot be changed on a per-user basis.  Take for an example a message cross- or multi-posted to many users (e.g. perhaps from a mailbox dictionary attack):  Individual users will be unaware of its bulk nature and perhaps ONLY the bulk nature will classify it as spam.  Conversely, some types of bulk mail will not be spam - namely [proper*] mailing lists and local administrative messages to all users.

* - Not the lists used by spammers but those that users sign up to receive.

More information about the MIMEDefang mailing list