[mail-vet-discuss] Draft as of 9/4/2007

[John Levine]

>Any MTA that is concerned about client security and misinterpretation
>should strip out ALL AR headers except for its own.  Anything else
>opens up ambiguities in terms of who the client can trust.

Except that breaks an actual use case.  I have a bunch of mail
addresses other places that forward mail to my regular address.  The
forwarders are all easy to recognize due to fixed IP addresses and
consistent received header syntax.  The AR headers that the forwarders
add would be quite useful to me, and I really don't want to have to go
patching my MTA to tell it what users expect mail forwarded from what
places in order to get to look at them.

R's,
John