You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jan 15, 2024. It is now read-only.
there are non-user-facing headers that are actionable during reply (e.g. that shift the behavior of the MUA somehow), like Reply-To and Mail-Followup-To. (and maybe Sender and Return-Path) ?
I worry that if we don't call these out specifically, then we are vulnerable to (at least) recipient-modification attacks.
I'm not sure how to characterize or exhaustively enumerate all such headers, or where in the spec such a mention belongs. The concept is subtly different from user-facing headers.
there are non-user-facing headers that are actionable during reply (e.g. that shift the behavior of the MUA somehow), like
Reply-ToandMail-Followup-To. (and maybeSenderandReturn-Path) ?I worry that if we don't call these out specifically, then we are vulnerable to (at least) recipient-modification attacks.
I'm not sure how to characterize or exhaustively enumerate all such headers, or where in the spec such a mention belongs. The concept is subtly different from user-facing headers.