On Fri, Apr 26, 2019 at 08:55 PM, Shal Farley wrote:
Shal, That payload exists today, and could be exploited and would be if it were worth the effort.
That's true, but I agree with everything else Brian said, and the "payload" need not exist if a polite rejection message were to be sent without the inclusion of the original message. What is the payoff in sending a "This topic is locked" message, even if to servers besides the miscreant's? This payload of the original message is the only thing anyone in this thread has pointed to as the real downside. I do see that it would be a downside. A spammer could send an actual spam message, which would then be sent to the spoofed email address in the form of a rejection notice. But not if the rejection notice doesn't include it.
Messages are the sole opinion of the author, especially the fishy ones.