On 2004-09-08T15:15-0500, Robert Bonomi wrote: ) Same thing applies for 'simple' forwarding via sendmails '~/.forward' ) mechanism. the mail server 'accepts' the mail from the original source, ) and then 're-sends' to the new destination. That re-send originates as ) the _forwarding_party_, WITH an 'envelope from' of that forwarding party, ) even though the internal content ofthe message may show a _different_, ) and unrelated, "From" address. My experience with Sendmail has been that the envelope sender is retained through /etc/aliases or ~/.forward. I can confirm that qmail's .qmail definitely retains the envelope sender of the original message. MAIL From:<user@example.com> RCPT To:<aliasuser@example.net> Received: from outgoing.example.com by mail.example.net Received-SPF: pass: outgoing.example.com allowed for example.com MAIL From:<user@example.com> RCPT To:<realaddress@example.org> Received: from mail.example.net by incoming.example.org Received-SPF: fail: mail.example.net NOT allowed for example.com Mailing lists get away with changing the envelope sender because the original sender does not actually expect to receive DSNs for the message for individual subscribers. Forwarding sites, on the other hand, can not simply modify the envelope sender; DSNs *are* expected to track back to the originating sender through a simple forward. One proposal is to allow forwarding sites to modify the envelope sender in such a way as to encode the original envelope sender in the LHS of an @forwarding.site address. For example: MAIL From:<bounce-user=example.com@example.net> RCPT To:<realaddress@example.org> Received: from mail.example.net by incoming.example.org Received-SPF: fail: mail.example.net allowed for example.net A naive scheme would allow for open relaying, however. A widely-deployed naive scheme could be used by spammers to send mail to arbitrary addresses: for i in $list; do mail bounce-$(echo $i | sed s/@/=/)@example.net < myspam done At least one anti-spam group has claimed they will list mail servers from forwarding sites that use such an easily-exploited scheme. :( -- Daniel Reed <n@ml.org> http://people.redhat.com/djr/ http://naim.n.ml.org/ 1832 Savior214: that sucks that one day your just gonna die and all that work you did learning stuff just gets a rm -rf