Received: from localhost by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id AAA21997; Wed, 11 Oct 1995 00:32:26 -0400
Received: by CS.UTK.EDU (bulk_mailer v1.3); Wed, 11 Oct 1995 00:31:14 -0400
Received: from dogie.macc.wisc.edu by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id AAA21974; Wed, 11 Oct 1995 00:31:12 -0400
Received: by dogie.macc.wisc.edu;
          id AA14133; 5.57/42; Tue, 10 Oct 95 23:31:09 -0500
Date: Tue, 10 Oct 95 23:31:09 -0500
From: Eric Norman <ejnorman@macc.wisc.edu>
Reply-To: drums@cs.utk.edu
Message-Id: <9510110431.AA14133@dogie.macc.wisc.edu>
To: drums@cs.utk.edu
Subject: Re: What's the Sender header for?

> And as for "AGENT", I'd define this as:

> + for any message sent as a result of a specific human action, the 
>   AGENT is that human and the Sender address should be a stable address
>   that *uniquely identifies* that human.

Which human action causes the message to be sent?  The act of writing it
or the act of "dropping it in a mailbox".  This is the distinction
RFC822 tries to make.  The From: header identifies the author or authors;
the Sender: header identifies who caused the message to be sent.  In just
about all cases, the author does both, hence the Sender: header should be
missing in those cases.

Now hold that thought until I'm done with the main argument below.

> + for any message sent as a result of an automatic process, the AGENT
>   is the human being responsible for maintaining that process and fixing
>   it if it breaks, and the Sender address should be a stable address
>   such that mail sent to the address will reliably reach that human.

I'm not sure I agree; why would such an address differ from the SMTP MAIL
FROM: or Return-Path: address?  Hold that thought too.

You certainly imply quite stongly that the Sender: address should
represent a human being; I can buy that much.

Preview of main argument:  the Sender header contains a valid (stable,
if you will) address.  In order for the information contained therein
to be useful to me (the recipient), there has to be a reason why I
would want to send a mail message to that address; otherwise it's
just commentary clutter.

>    of what use is the kre@munnari.oz.au information to me?

> Two things.   First, it tells you which particular person was
> playing at being postmaster at the time.

Why would I (as a recipient) care who is currently wearing the
postmaster hat?  Why would I want to send mail to that person instead
of just to "postmaster"?

> and second, and more importantly,
> it tells you who my mailer believes really sent the mail.

Why do I care what your mailer believes?  Why would I want to sent
mail to the address that your mailer believes is "really you"?
You have already asked me not to do so by putting a different address
in the From: header.

> I could just as easily stick "From: Eric Norman <ejnorman@macc.wisc.edu>"
> in the messages I send.

> I know this is totally pathetic as a security measure, if I really
> wanted to forge a message from you, there's no way I would be
> sending it via a mailer that added Sender headers, but when
> defeating deliberate forgery is not the aim, the Sender header
> does add useful extra information, provided the mailers implement
> it sanely.

Is the argument here that the Sender: header should or should not
convey security information?  If the former, I'm going to object
because (as you said) it's not possible, and I think there is more
useful information to be conveyed by such a header.

> be sent.  The From: header on the other hand, is really little
> more than a comment header with syntax rules.

Seems to me like identification of the author is quite a bit more.

> I know I just sent my other message, and so no-one has seen it
> yet, and all will have before they see this one, but to say it
> aain with less other stuff preceding...

Isn't it a treat to participate in discussions where the participants
are scattered in time zones around the world?

> I think I prefer the distinction between "real" and "unreal" (or
> whatever) addresses as being that the "real" address is one that
> the mailer has determined belongs to the entity that submitted the
> message, whereas the "unreal" (From:) address is the way the
> submitter prefers to identify herself, and could be anything at
> all (it is certainly not verified).   No more than that.

Seems backwards to me (must be that counter-clockwise Coreolis force :).
I would say that whatever she wants to be known by is the one that's
real.

Well, it's clear that I think the behavior of MH regarding the Sender:
header is not very useful and nothing more than commentary clutter.

So why would I ever want to send mail to the Sender: address (assuming
it means whomever caused the message to be sent and understanding that
that may not be the author)?

I may want to send a message to such an entity that conveys something
like:  "I consider this junk; please don't sent me any more", or "I
have moved; here's my new address", or "I don't do this any more; I'll
forward this, but future such requests should go to flyswatter@ayres.rock".

I'm tempted to say that I want to talk to the sender when talking about
envelope information and I want to talk to the author when talking about
the content in the body.

Ergo, if a list expander is going to put in a Sender: header, it should
represent the person that adds or deletes names from the list.  This
may or may not be the person that fixes problems.  Assuming that the
Sender: address differs from the SMTP MAIL FROM: address, I think the
latter is mor appropriate to use to try to get problems fixed.

-- Eric Norman