Douglas Otis <doug(_dot_)mtview(_at_)gmail(_dot_)com> wrote:
> Martin Rex <mrex(_at_)sap(_dot_)com> wrote:
>> MUAs which are not implementing the rfc822/2822/5322 "on behalf of"
>> semantics of a message that carries both From: and Sender: header
>> fields ought to be FIXED. Standards that build on rfc822/2822/5322
>> and do not respect "on behalf of" semantics of messages with
>> both "Sender:" and "From:" also need to be FIXED.
>
> Merging Sender and From header fields by MUAs offers no protection
> when actual sources of messages remain unknown.

This is *NOT* about protection or authentication, this is purely about
rfc822/2822/5322 message semantics. Something that has been well-defined
and constant for decades.

At the beginning of this Email there are two quotations with assertions
of authorship. There really is no difference to the name in the From:
field of an EMail that is carried with a different Sender (and envelope
MAIL FROM:) through an SMTP transport system.

There is no difference in semantics between the assertions above
and the rfc822-header assertion in "From:", when an rfc822 message
is transferred through an SMTP MTA system in an "on behalf of" scenario
with a differing Envelope "MAIL FROM" & matching Sender: rfc822-header.

-Martin
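
An added example, not part of the original message: a sketch of how an MUA could keep the From: (author) and Sender: (transmitter) identities separate when displaying a message, following the RFC 5322 originator-field rules. The function name `originator_view`, the `envelope_from` parameter and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def originator_view(raw, envelope_from=None):
    """Report author(s) and transmitter separately; semantics only, no authentication."""
    msg = message_from_string(raw)
    authors = [a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a]
    senders = [a.lower() for _, a in getaddresses(msg.get_all("Sender", [])) if a]
    if not authors:
        raise ValueError("no From: mailbox")
    if len(senders) > 1:
        raise ValueError("Sender: must hold a single mailbox")
    if len(authors) > 1 and not senders:
        # RFC 5322 3.6.2: more than one From: mailbox requires Sender:
        raise ValueError("several From: mailboxes require a Sender: field")
    # Without Sender:, the single author is also the transmitter.
    sender = senders[0] if senders else authors[0]
    on_behalf = authors != [sender]
    display = ", ".join(authors)
    if on_behalf:
        # Show both identities instead of merging them into one.
        display = f"{sender} on behalf of {display}"
    matches = None if envelope_from is None else envelope_from.lower() == sender
    return {
        "authors": authors,
        "sender": sender,
        "on_behalf_of": on_behalf,
        "display": display,
        "envelope_matches_sender": matches,
    }


# Constructed sample: author and transmitter differ, envelope matches Sender:.
SAMPLE = """\
From: Author <author@example.org>
Sender: List Owner <list-owner@example.net>
Subject: constructed sample

body
"""

if __name__ == "__main__":
    print(originator_view(SAMPLE, "list-owner@example.net"))
```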