-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add text to A/S about what mail agents should do/not do with Received header fields #85
Comments
Initial suggestion is to add something like this: "Received header fields are not normally useful to the |
@aamelnikov now prefers the current text in Section 3.2.2: Received header fields are primarily for use when there are concerns about a message, such as to analyze handling or delivery problems, or to aid evaluation of a message with suspicious content or attributes. Received header fields are easily created and have no direct security or privacy protections. Therefore, the fields do not warrant automatic trust. They should be used with care, for whatever information is deemed valuable, and especially when syntax or values occur that are not defined by the specifications [I-D.ietf-emailcore-rfc5321bis] [I-D.ietf-emailcore-rfc5322bis]. |
Dave Crocker suggests tweaking to the current text to: Received header fields support analysis of handling and delivery problems, as well as aiding evaluation of a message with suspicious content or attributes. The fields are easily created and have no direct security or privacy protections, and the fields can contain personally identifiable information. Therefore, the fields do not warrant automatic trust and do warrant thoughtful disclosure to others. They should be used with care, for whatever information is deemed valuable, and especially when syntax or values occur that are not defined by the specifications [I-D.ietf-emailcore-rfc5321bis] [I-D.ietf-emailcore-rfc5322bis]. |
No description provided.
The text was updated successfully, but these errors were encountered: