ietf-822
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

The Sender header field

2002-02-12 23:55:10
from [Pete Resnick] [Permanent Link] 

On 2/12/02 at 8:44 PM +0000, D. J. Bernstein wrote:
It would be interesting to understand how people managed to create the current Sender situation. 

I'll try to shed what light I can.


RFC 822 4.4.4 specifies Sender, defaulting to From, as the bounce target.
What was Crocker thinking? The envelope/message distinction was already clear in SMTP. Why is Sender useful in a mail system that supports envelope senders?
4.4.4 is not clear on whether it means bounces or other sorts of notifications. For instance, a message from a human saying "This person has a new e-mail address" would go back to the Sender since (e.g.) the secretary would be the one interested in this information. Sender would be the only reasonably readable place to find that information since at the time, Return-Path would also have had a bunch of routing information, might have a relatively useless address after the route, and it was rarely generated.
Pine and Eudora use Sender (or X-Sender or X-X-Sender) as a bogus security mechanism, putting private login information into it and making it difficult for novice users to change. What was Crispin thinking? What were the Qualcomm people thinking?
Actually, this one I can explain, at least for Eudora. Eudora never used Sender because 822 said: 

        This field contains the authenticated identity  of  the  AGENT
        (person,  system  or  process)  that sends the message.
and made it quite clear that this had to be a deliverable address. We had no way to get any kind of authenticated identity that was guaranteed to be deliverable. However, users (read site administrators) insisted that we put the POP login information somewhere to "prevent forgeries", even when we tried to convince them that this was a stupid (and useless) thing to do. Since we couldn't legitimately put that in Sender, we made up X-Sender. (In all versions of Eudora, any user with two brain cells to rub together could have gotten rid of the X-Sender or put just about anything into it that they wanted without a great deal of effort.) 

We never used X-X-Sender as far as I know.
The Pine people say that they use X-Sender/X-X-Sender because some unidentified mailing-list programs look at Sender/X-Sender. If this is true, what were the authors of those programs thinking? 

The same thing that those site administrators were thinking. (*Sigh*)
--
Pete Resnick <mailto:presnick(_at_)qualcomm(_dot_)com>
QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Time to act: draft-klyne-msghdr-registry, Dave Crocker
Next by Date:  Re: The Sender header field, Dave Crocker
Previous by Thread:  Re: Time to act: draft-klyne-msghdr-registry, Russ Allbery
Next by Thread:  Re: The Sender header field, Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]