[Top] [All Lists]

Mandatory From field, anonymity, and hacks

2004-07-15 07:15:58

RFC 2822 has relaxed some requirements which existed in RFC 822 w.r.t. mandatory
header fields (822 required at least one of To, Cc, Bcc; 2822 has no such
requirement).  However, both 822 and 2822 require a From header field.

Transport (IMAP, POP3, NNTP, SMTP, etc.) of messages does not make use of the
From field.  The From field in an original message is not used in preparation
of MDNs (Disposition-Notification-To is used) or DSNs (envelope return address
is used).

In some cases, a message author desires some degree of anonymity.  The
requirement for a From field has led to the use of some hacks in order to
comply with the letter of RFC 2822 and its predecessors, while providing some
degree of anonymity and rendering the From field unusable for manual replies.
For example, RFC 3261 section 23.4.3 and RFC 3323 section recommend
use of the reserved DNS ".invalid" domain (RFC 2606) to provide some degree
of anonymity.  There are some Internet drafts which do likewise.  I believe
such use goes somewhat beyond the intent of RFC 2606 in reserving names for
test and example purposes.

Making the From header field optional would eliminate the need for such hacks
by persons who desire the degree of anonymity that such hacks provide; those
persons could simply avoid including a From field at all, rather than
including a hacked bogus address in a From field.

The same considerations apply in the case of the Resent-From field.

Of course, in the absence of a From field, treatment of manual replies may
need to be worded slightly differently.  A Reply-To field, if present, would
be used whether or not a From field were present. It may also be worth
considering whether or not a Sender field should be required in the absence
of a From field.