Re: [courier-users] Courier MLM From Rewrite

Thu, 29 May 2014 15:51:30 -0700 

Lindsay Haisley writes:


On Sat, 2014-05-24 at 20:55 -0400, Sam Varshavchik wrote:

> If that's what they're saying, then honoring that request would be the
> correct thing to do, and bouncing mail with their domain on it, that's not
> coming from their servers, is the reasonable thing to do.

The "author" and the "sender" of a message are distinct entities, and it
seems that they often get confused in discussions of DMARC.  From RFC
2822 (3.6.2):

   "The "From:" field specifies the author(s) of the message,
   that is, the mailbox(es) of the person(s) or system(s) responsible
   for the writing of the message.  The "Sender:" field specifies the
   mailbox of the agent responsible for the actual transmission of the
   message."

Using the authorship information in a message to determine origin is a
misinterpretation of the From header, which bends RFC 2822 even if it
doesn't break it outright.
The RFC-2822 verbiage makes it sound almost like it's talking about the SMTP MAIL FROM address. SPF does not use the Sender: header, but uses the SMTP MAIL FROM address.
I'm guessing that somewhere in the murky past it was intended for the final mail delivery agent to record the MAIL FROM in the Sender: header, adding it to the message. But, somehow that never seemed to happen.
The sender address was originally recorded in the From_ line of Bezerkely- style mailbox files. When Qmail came along, the MAIL FROM address got dumped into the Return-Path: header. Courier followed along and did the same.
I think that some other mail servers use X-Sender. Sender: seems to be used to indicate when the mail is sent by someone other than the mailbox referenced by the From: header – i.e. a secretary has access rights to the PHB's mailbox, and responds to the boss's email, with the replies carrying the PHB's email address, and the secretary as the Sender:. That appears to be the typical usage today. 

But as far as sender validation goes, MAIL FROM: is what gets looked at.

Attachment: pgpCkJ6lunJRy.pgp
Description: PGP signature

------------------------------------------------------------------------------
Time is money. Stop wasting it! Get your web API in 5 minutes.
www.restlet.com/download
http://p.sf.net/sfu/restlet
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to