You'v already answered your own question. The client/end-user mail reader
is adding "Sender:" header to the email, that is not a proper behavior,
the sender should be added by sending MUA or MTA. Your example does not
really illustrate that behavior of Outlook since "Sender:" header is
already part of the message having been added by ietf maillist remailer.
In addition your example illustrates yet again what I said since less
sophisticated users (read 99% of users) who use outlook only see one
"From:" and one "To:" headers which are part of the header/body of the
email but you do not see the "MAIL FROM" and "RCPT TO" email used during
transmission and these are really the ones used for actual delivery.
The problem is that if you were using "From:" header for RMX validation
you would as in example below see "william(_at_)elan(_dot_)net" but actual
message
came from "ietf.org" server and so the mail would not be validated and
would fail RMX. Using "Sender:" headeris also not possible since "Sender:"
could have been set by by MUA (mine is configured not to do that) and then
there are different maillist programs and majority will actually not set
"Sender" or will not reset it to themselve if header already exists
(some will add 2nd "Sender:" header, but this is rare and considered a bug,
though I think RFC2828 does not explicitly forbid this), so again it fails
with mail lists. This leaves MAIL FROM to be used for RMX validation and
this is what all current RMX-like drafts propose. But as you quite well
illustrated the MAIL FROM is not even seen by end-users and it means
spammer can use one domain for MAIL-FROM (which would random domain
without any RMX record) and use another domain for "From:" and most users
will still consider email as having come from the listed "From:" address.
And as for the "Sender:" header, spammers quite often set that as well.
On Tue, 13 May 2003, Tom Thomson wrote:
william(_at_)elan(_dot_)net wrote on 09 May 2003 at 06:06
Envelope "From:" is the worst case since most mailing lists use their own
mailfrom and do not change "From:" (do not assume that what you see in
outlook is what others would see or that its really how mailist messsage
looks like)
Sorry, I will make that assumption. So will you, if you know what you are
talking about. So far as I can see, Outlook will display the headers exactly
as received, except that it wil add a Sender: header where relevant in
conformance with the standard. Since RFC2822 headers are distinct from
RFC2822 content they are of course displayed in a different window from the
content, which is useful behaviour since the headers are long and it would
be boring to have to skip over them every time (certainly I used to find it
that way in the days of MUAs which displayed header plus content as a single
unit).
I've appended below the email headers that Outlook reports for the message
to which I am replying. If you think any of these is not correct (ie
Outloook has got it wrong) please let me know and I'll take it up with M$.
If you don't think any of it is wrong, perhaps you'll not make silly
accusations about Outlook in future.
Tom
Received: from www1.ietf.org ([132.151.1.19]) by mail.neosinteractive.com
with Microsoft SMTPSVC(5.0.2195.5329);
Fri, 9 May 2003 13:29:26 +0100
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1])
by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4982I811640;
Fri, 9 May 2003 04:02:18 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176])
by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h497xr811361
for <asrg(_at_)optimus(_dot_)ietf(_dot_)org>; Fri, 9 May 2003 03:59:53
-0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA08152
for <asrg(_at_)ietf(_dot_)org>; Fri, 9 May 2003 03:49:32 -0400 (EDT)
From: william(_at_)elan(_dot_)net
Received: from ietf-mx ([132.151.6.1])
by ietf-mx with esmtp (Exim 4.12)
id 19E2fG-0002N4-00
for asrg(_at_)ietf(_dot_)org; Fri, 09 May 2003 03:51:34 -0400
Received: from sokol.elan.net ([216.151.192.200])
by ietf-mx with esmtp (Exim 4.12)
id 19E2fF-0002N1-00
for asrg(_at_)ietf(_dot_)org; Fri, 09 May 2003 03:51:33 -0400
Received: from sokol.elan.net (localhost.localdomain [127.0.0.1])
by sokol.elan.net (8.12.5/8.12.5) with ESMTP id h495627W017107
for <asrg(_at_)ietf(_dot_)org>; Thu, 8 May 2003 22:06:02 -0700
Received: from localhost (william(_at_)localhost)
by sokol.elan.net (8.12.5/8.12.5/Submit) with ESMTP id h49562ML017103
for <asrg(_at_)ietf(_dot_)org>; Thu, 8 May 2003 22:06:02 -0700
X-Authentication-Warning: sokol.elan.net: william owned process doing -bs
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Re: RMX evaluation / Paul Vixie's procedure
In-Reply-To: <200305090131(_dot_)33356(_at_)grx>
Message-ID:
<Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0305082050400(_dot_)1089-100000(_at_)sokol(_dot_)elan(_dot_)net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: asrg-admin(_at_)ietf(_dot_)org
Errors-To: asrg-admin(_at_)ietf(_dot_)org
X-BeenThere: asrg(_at_)ietf(_dot_)org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,
<mailto:asrg-request(_at_)ietf(_dot_)org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg(_at_)ietf(_dot_)org>
List-Help: <mailto:asrg-request(_at_)ietf(_dot_)org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,
<mailto:asrg-request(_at_)ietf(_dot_)org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 8 May 2003 22:06:02 -0700 (PDT)
Return-Path: asrg-admin(_at_)ietf(_dot_)org
X-OriginalArrivalTime: 09 May 2003 12:29:26.0747 (UTC)
FILETIME=[A15052B0:01C31626]
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg