From owner-db-wg@ripe.net Fri Oct 18 08:19:02 1996
In my opinion notifications should *not* be sent to the originator of the change request. We had too many complaints about too many notifications. Those wishing to receive notifications of their own changes can easily achieve that by putting an alias mailbox into their notification attributes.
I think I have no problem with the above (I mean I will not argue in favour of changing this).
Note also that this smartness quite consciously introduces less 'security' because it allows someone to make clandestine changes by forging his From:-address to avoid notification. We did this because those with really high security requirements shoud use maintainers with a stronger authentication menthod.
Correct. However I originally noticed that this "feature" also works by adding a Reply-to: in the header... My point at the RIPE meeting was that when sending an update with a Reply-to, the mnt-nfy DOES get a "warning" message, that somebody made SOME updates, (since the "Congratulations" are sent to her), but has no clue wrt. WHAT exactly has been modified (usually the Subject: line does not provide accurate information - if at all)... (Of course, the situation can be even worse if the From: line is forged...) If I remember correctly, at the DB-WG session the absence of the notification (in the Reply-to case at least) was considered a *bug*. I still incline to consider the "Reply-to case" a bug (or *unwanted* feature). Forging the mail header is usually less trivial than adding a Reply-to. The latter can even occur inadvertently (this is how I discovered all the above). Janos PS. I suppose (and strongly hope :)) the authentication is based on the From: and not the Reply-to:.