On Wed, 12 Dec 2007 09:02:33 +0100, till klimpong@gmail.com wrote:
Isn't this what people use the "X-Sender"-header for? If I remember correctly that would be the defacto standard - but it would "only" contain an IP. ;-)
The "Received" header is a de-jure standard, and I thought we were supposed to be standards-compliant wherever possible. Furthermore, the formatting ambiguity and lack of corroborating information in an X-Sender header make the latter quite untrustworthy.
Perhaps I need to explain further: we have some customers who use webmail, and others who use "plain" mail clients (e.g. Outlook, Thunderbird etc).
When the latter group sends mail, they connect using SMTP or SMTPS; the "next hop" mail server -- normally our "official" outbound mail server -- inserts a received header that records the sending IP address and timestamp.
We want the same thing to happen when they send mail using HTTP rather than SMTP.
This information is used when the customer sends spam and it gets sent back to our "abuse" dept; we have tools that can automatically extract the customer info from such a report, and do it in a way that minimizes the chance of an innocent customer being banned as a result of a forged report.
-Martin _______________________________________________ List info: http://lists.roundcube.net/dev/