On Wed, 10 Jan 2001, j.linn wrote:
> I believe that RFC822 meant that the software inserting the originator
> should ensure that somewhere in the header there is an authenticated
> address.
Yes, I think that's it. When RFC 822 was written, the hosts people were
using to connect to the net were multi-user systems where users had to
quote passwords in order to log in. So you always had a password-
authenticated user to blame.
> The FROM header is a user field and can have multiple recipients so may or
> may not be authentic. The system should check this and, if not, stamp
> the message with a SENDER field. The FROM header is a user or system field
> whereas the SENDER header is for system use only.
Yes. The sort of thinking at the time is shown in examples like this:

  From: peter, paul, mary
  Reply-to: paul
  Sender: jim (secretary to peter, paul and mary)

In these days of single-user systems, and clients injecting mail over
SMTP, the distinction between FROM and SENDER has become woolly.
> Error messages are sent to the SENDER and if none the From address.
Error messages that are automatically created are sent to the
*envelope sender* field. If none, no automatic responses should be sent.
(See RFCs 821, 1123). The envelope sender may or may not contain the
same address as SENDER.
> Replies should be sent to the REPLY-TO or the FROM address.
Humans can send to any address they like, including the SENDER if
they so wish.
> However in practice this does not happen and so the mess continues.
I agree with your last clause!
> I suppose this is why EXIM has sender_verify etc.
sender_verify verifies envelope senders. It exists because too much mail
is sent out with invalid envelope sender addresses.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
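
The routing rules discussed in this message, as an added example that is not part of the original post or of Exim: automatic error reports follow the envelope sender only, while human replies default to Reply-To and then From. The `route` helper, the example.org/example.net addresses and the idea of passing the SMTP MAIL FROM value in as a separate argument are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: the thread's From/Reply-to/Sender example with
# made-up example.org addresses added.
RAW = """\
From: peter@example.org, paul@example.org, mary@example.org
Reply-to: paul@example.org
Sender: jim@example.org (secretary)
Subject: constructed sample

body
"""

def addrs(msg, header):
    """Return the bare addresses found in every occurrence of a header."""
    return [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a]

def route(envelope_sender, raw):
    """Decide where automatic and human responses go for one message.

    envelope_sender is the SMTP MAIL FROM value; it travels outside the
    message, so this sketch takes it as a separate argument (assumption).
    """
    msg = message_from_string(raw)
    env = envelope_sender.strip().strip("<>").lower()
    sender = addrs(msg, "Sender")
    return {
        # Automatic error reports use the envelope only; an empty
        # envelope sender ("<>") means no automatic response at all.
        "bounce_to": env or None,
        # A human reply defaults to Reply-To, falling back to From.
        "reply_to": addrs(msg, "Reply-To") or addrs(msg, "From"),
        "sender": sender[0] if sender else None,
        # The envelope sender may or may not equal the Sender header.
        "envelope_matches_sender": bool(env) and [env] == sender,
    }

if __name__ == "__main__":
    for env in ("<list-bounces@example.net>", "<jim@example.org>", "<>"):
        print(env, route(env, RAW))
```
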