spf-discuss

Re: Envelope Sender X From Header. How are you treating this?

2004-07-30 16:45:18
Rodrigo wrote:

 

But what if, only when the Sender-Envelope email address is different
from the From: header email address, we change the From: header to the
Sender-Envelope, forcing the mail clients to see who really sent the
message, and put the "user inserted" From: Header on other X-whatever
header so at least the common user, that doesn't understand anything
about SPF and so on, sees that a message that is sent from their Bank
for example, didn't come directly from them, but from another sender?
Wouldn't that be more reasonable? I mean, if I get an email sent on my
behalf by someone that isn't me I want the person receiving it at least
seeing who sent it, not just putting my email up there at the From on my
MUA.
   


I think altering the From: header is a little backwards... the BEST fix
would be to alter the MUA/mail client to display the verified address. 
For example, MS Outlook already displays From: <Sender> On Behalf Of
<From>.  If MS Sender ID wins popular approval, they will probably alter
this to display whatever header was validated (but they will probably
also show the From:)

Remember, using either SenderID PRA, or SPF SRS, the forwarded messages
will only have the address of the forwarder (usually YOUR address) to
verify, and this won't be related to the sender's address at all.  For
example, if your forwarding address is john(_at_)pobox(_dot_)com, your email will
all come from the pobox.com domain, so the From: header would be useless
if replaced in this way, and all your replies would go to yourself :)

However, here is a related idea... how about, IF the From: domain is
different from the Return-Path (aka. Envelope From) THEN keep the From:
address the same, but change the displayed part of the name to
(Unverified)

For example:
MAIL FROM: <user(_at_)returnpath(_dot_)com>
...
DATA
From: John Doe <user(_at_)original(_dot_)com>

Then the MTA passing the message might change this to:
From: John Doe (Unverified) <user(_at_)original(_dot_)com>

This makes an obvious, user-visible change, without altering the reply
behavior.

Ultimately, any changes we make at the MTA will probably be reversed
once the MUAs are all updated to display verification results properly.

gregc
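
The "(Unverified)" rewrite proposed in the message above, as an added Python example that is not part of the original post or of any MTA's code. The function name, the `.example` addresses and the sample message are constructed for illustration, and the comparison is a plain domain match as the post describes.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

TAG = "(Unverified)"

# Constructed sample message; the addresses are placeholders.
SAMPLE = (
    "From: John Doe <user@original.example>\n"
    "Subject: statement\n"
    "\n"
    "body\n"
)

def domain_of(addr):
    """Lower-cased domain of an address, or '' when there is none."""
    addr = addr.strip().strip("<>")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def tag_unverified(envelope_from, raw_message):
    """Tag the From: display name when its domain differs from the
    envelope sender's domain. The From: address itself is never changed,
    so replies still go to the original author."""
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    # Zero or several From: headers is a separate problem; do not guess.
    if len(from_headers) != 1:
        return msg
    name, addr = parseaddr(from_headers[0])
    env_domain = domain_of(envelope_from)
    # A null envelope sender (MAIL FROM:<>, used for bounces) has no
    # domain to compare against, so the header is left alone.
    if not addr or not env_domain:
        return msg
    # Same domain, or already tagged by an earlier hop: nothing to do.
    if domain_of(addr) == env_domain or name.endswith(TAG):
        return msg
    # formataddr() quotes the display name because it contains parentheses.
    # Unquoted, "(Unverified)" would be an RFC 5322 comment, which many
    # mail clients do not display.
    msg.replace_header("From", formataddr((f"{name} {TAG}".strip(), addr)))
    return msg

if __name__ == "__main__":
    print(tag_unverified("<user@returnpath.example>", SAMPLE)["From"])
```
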