Terje Petersen wrote:
... An MTA is a "message TRANSFER agent". Its job should not
necessitate reading the DATA content of email.
However, MARID's job is to verify the identity of the sender of a
message, and the sender isn't expressed anywhere except in the message
body. That's exactly why the PRA algorithm exists: to determine who
sent the message.
The mis-named "MAIL FROM:" doesn't tell you who sent the message, but
who wants to receive the bounce if any. Much confusion would have been
avoided if the 2821 command were spelled "MAIL BOUNCETO:". Many people,
including me, have gone down the path of erroneously trying to use "MAIL
FROM:" for authentication.
-- Jim Lyon