Received: from localhost by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id SAA28217; Tue, 3 Oct 1995 18:18:52 -0400
Received: from wilma.cs.utk.edu by CS.UTK.EDU with ESMTP (cf v2.9s-UTK)
	id SAA28207; Tue, 3 Oct 1995 18:18:50 -0400
Received: from LOCALHOST by wilma.cs.utk.edu with SMTP (cf v2.11c-UTK)
          id SAA26025; Tue, 3 Oct 1995 18:18:49 -0400
Message-Id: <199510032218.SAA26025@wilma.cs.utk.edu>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <moore@CS.UTK.EDU>
To: Eric Thomas <ERIC@SEARN.SUNET.SE>
cc: drums@CS.UTK.EDU, Keith Moore <moore@CS.UTK.EDU>
Subject: Re: What's the Sender header for? 
In-reply-to: Your message of "Tue, 03 Oct 1995 22:41:49 BST."
             <199510032151.RAA23293@CS.UTK.EDU> 
Date: Tue, 03 Oct 1995 18:18:43 -0400
Sender: moore@CS.UTK.EDU

> >I personally feel that Sender should identify the original human sender,
> >and that  mailing lists shouldn't change  it. For them to  do so removes
> >the ability of a list recipient to see who actually sent the message.
> 
> I'm sorry, but  this doesn't make any sense. The  address of the original
> human sender is in the "From:" field. 

No, the From field is the addresses of the people who authored the 
message, or who authorized sending the message, or on whose behalf 
the message is sent.  Usually From is the same as Sender, but not always.

> You're seem to say that the mailing
> list  manager should  create a  "Sender:" field  with the  same value.  

No, I'm suggesting that mailing lists should not add a Sender field.
At the least, lists that automatically forward mail without human 
intervention should not add a Sender field.

> Well, RFC822 says:
> 
> >     4.4.2. SENDER / RESENT-SENDER
> >
> >        This  field contains  the  authenticated identity  of the  AGENT
> >        (person, system or process) that sends the message.
> 
> It  seems  pretty  clear  to  me that  "system"  and  "process"  are  not
> appropriate words to  address a human being. If the  intent had been what
> you  said,  these words  would  not  have  been present.  Clearly  RFC822
> intended for computer programs to be  allowed to put a machine mailbox in
> that field.

Well, it also says:

        Since the critical function served by the  "Sender"  field  is
        identification  of  the agent responsible for sending mail and
        since computer programs cannot be held accountable  for  their
        behavior, it is strongly recommended that when a computer pro-
        gram generates a message, the HUMAN  who  is  responsible  for
        that program be referenced as part of the "Sender" field mail-
        box specification.

I'll admit that I have a hard time reconciling the "strongly recommended"
language that a HUMAN's address go in the Sender field, with the 
"person, system, or process" language in the earlier paragraph.

But the real question is: is it more important to identify the
"person, system, or process" / "agent" / (preferably HUMAN) 
who *originally* sent the message, or to identify the 
"person, system, or process" / "agent" (presumably a list)
that *last* sent the message?

Actually, I think they're both useful things to do, but one shouldn't
override the other.


> >a) Say  that lists  shouldn't mung  Sender, and  let someone  define new
> >   header fields which  are appropriate for lists.  (Arguably the latter
> >   work needs to be done anyway.)
> 
> And we're back to  the same old stupid problem of having  a 7 figure user
> base using "Sender:" for something else, pulling the rug from under their
> feet, and alluding to some vague  future work of some other working group
> as a possible migration path.

In this case it won't hurt them to pull the rug.  Right now the Sender
field is so ambiguous that you can't tell what it means.  

And as long as you're talking about the size of user bases, it might help 
to remember that there's at least one other piece of software out there 
with a similar sized user base, that has a different interpretation of 
Sender than does LISTSERV.

But what LISTSERV or sendmail do are not at issue.  What's at issue
is what we want this header field to mean.


> >b) Say that its okay for lists to mung Sender, and recommend a different
> >   way for originators  to indicate who actually sent  the message (say,
> >   in the first Received header)
> 
> I'm  afraid I  don't understand  what problem  you are  trying to  solve.
> RFC822  had  a totally  idiotic  feature  allowing  one to  put  multiple
> originating  addresses in  the "From:"  field provided  that there  was a
> "Sender:" field with a  single address. 

Some people (including myself) feel that this feature is very useful.
I sincerely doubt that we could reach a concensus to get rid of it.
(If other people want get rid of it, they should speak up.)


> As far as I  know, this has never
> been widely  used and a lot  of mail software breaks  when presented with
> such  headers. 

Just because the feature is not used very often doesn't mean that it's 
not very useful.  And yes, it breaks a lot of mail software, but if the
feature is useful enough to keep then the solution is to fix the mail
software and to make it very clear in the specs that mail software needs
to be able to deal with multiple From addresses.

> This  is the  only case  where the  usage of  "Sender:" to
> indicate  which of  the original  authors  sent the  message is  actually
> necessary.  Personally,  I  would  just deprecate  the  multiple  "From:"
> feature.

Actually, no.  The Sender doesn't have to be in the From list, because
the person actually sending the message doesn't have to be one of those 
who authorized the message to be sent.

Keith