From: Frank Ellermann [mailto:nobody(_at_)xyzzy(_dot_)claranet(_dot_)de]
Sent: Saturday, August 20, 2005 1:58 PM
<...>
Sender and Resent-* (like Reply-To) are rarely used, and
where they are used they might be often redundant.
Rarely used, yes, but redundant? Show me an example.
But
there are also cases where a mail is not "resent", and a
Sender is required (more than one From), and this Sender
is different from the Return-Path.
No. When mail is not "resent", Sender: indicates one party submitting mail
on behalf of one or more other parties. The Sender: may or may not be one
of the authors listed in From:. If Sender: is the party responsible for
submission of the message, then that address is also return-path. If
Sender: is not the party responsible for the message, then that address
belongs neither in Sender: nor in return-path. See my argument for this in
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200508/0460.html.
To
sum up my position:
1) For one party submitting mail on behalf of one or more other parties,
Sender: == return-path.
2) For "resending" of a received message that has no Sender: header, Sender:
== return-path.
If you think I am misinterpreting the standards, which is certainly
possible, please show me where the standards say otherwise. Never mind the
idea of enforcing this at gateways, let's just deal with the proper use and
meaning of Sender: and return-path in email.
SMTP is not the only
way to transmit mail, this Sender-ID assumption is FUBAR
to begin with.
Though Sender-ID _is_ seriously FUBAR for other reasons, we are talking
about sending mail through SMTP only. SPF only has meaning under SMTP,
ditto DK, DKIM, CSV and last and certainly least SID. Gatewaying from other
transport systems is a separate issue.
The "technically OK but still suspicious" example on the
page <http://openspf.com/esps.html> (with my browser I
can read the left part) would be incorrect for a gateway
injecting mails with their own Sender into SMTP. For a
mail without Sender it's "only" a lie.
Strongly agree. Gateways and forwarders are not supposed to add themselves
to the list of originator headers (or the "informational" Resent-*:).
Gateways have some responsibility to make sure that the headers are correct
for the transport system they are gatewaying into. For example, they can
add the message originator as return-path if none was supplied as part of
the protocol on the input side of the gateway, and correct other obvious
incompatibilities between the local protocol and SMTP. Beyond that, they
should only appear in a Received: header. A forwarder should ONLY show up
in a Received: header. Even forwarders rewriting the return-path, as in
SRS, is treading on very thin ice with regard to standards, as far as I'm
concerned. SID repurposing of headers that have had a more or less clear
meaning for a couple of decades, even if they are rarely used, directly
contradicts existing standards.
BTW, what the dickens is a page describing the operation of Sender-ID as a
recommended way for large companies to send bulk mail doing on openspf.com?
Could somebody please take this page down? Our site should not be promoting
SID in any way, shape or form.
--
Seth Goodman