On 2/12/02 at 8:44 PM +0000, D. J. Bernstein wrote:
It would be interesting to understand how people managed to create
the current Sender situation.
I'll try to shed what light I can.
RFC 822 4.4.4 specifies Sender, defaulting to From, as the bounce target.
What was Crocker thinking? The envelope/message distinction was
already clear in SMTP. Why is Sender useful in a mail system that
supports envelope senders?
4.4.4 is not clear on whether it means bounces or other sorts of
notifications. For instance, a message from a human saying "This
person has a new e-mail address" would go back to the Sender since
(e.g.) the secretary would be the one interested in this information.
Sender would be the only reasonably readable place to find that
information since at the time, Return-Path would also have had a
bunch of routing information, might have a relatively useless address
after the route, and it was rarely generated.
Pine and Eudora use Sender (or X-Sender or X-X-Sender) as a bogus
security mechanism, putting private login information into it and
making it difficult for novice users to change. What was Crispin
thinking? What were the Qualcomm people thinking?
Actually, this one I can explain, at least for Eudora. Eudora never
used Sender because 822 said:
This field contains the authenticated identity of the AGENT
(person, system or process) that sends the message.
and made it quite clear that this had to be a deliverable address. We
had no way to get any kind of authenticated identity that was
guaranteed to be deliverable. However, users (read site
administrators) insisted that we put the POP login information
somewhere to "prevent forgeries", even when we tried to convince them
that this was a stupid (and useless) thing to do. Since we couldn't
legitimately put that in Sender, we made up X-Sender. (In all
versions of Eudora, any user with two brain cells to rub together
could have gotten rid of the X-Sender or put just about anything into
it that they wanted without a great deal of effort.)
We never used X-X-Sender as far as I know.
The Pine people say that they use X-Sender/X-X-Sender because some
unidentified mailing-list programs look at Sender/X-Sender. If this
is true, what were the authors of those programs thinking?
The same thing that those site administrators were thinking. (*Sigh*)
--
Pete Resnick <mailto:presnick(_at_)qualcomm(_dot_)com>
QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102