Received: from localhost by CS.UTK.EDU with SMTP (cf v2.9s-UTK) id HAA26152; Wed, 11 Oct 1995 07:39:43 -0400 Received: by CS.UTK.EDU (bulk_mailer v1.3); Wed, 11 Oct 1995 07:39:16 -0400 Received: from mulga.cs.mu.OZ.AU by CS.UTK.EDU with SMTP (cf v2.9s-UTK) id HAA26132; Wed, 11 Oct 1995 07:39:11 -0400 Received: from mundamutti.cs.mu.OZ.AU by mulga.cs.mu.OZ.AU with SMTP (5.83--+1.3.1+0.50); id AA20310 Wed, 11 Oct 1995 21:19:02 +1000 (from kre@munnari.OZ.AU) To: drums@cs.utk.edu Subject: Re: What's the Sender header for? In-Reply-To: Your message of "Tue, 10 Oct 1995 23:31:09 EST." <9510110431.AA14133@dogie.macc.wisc.edu> Date: Wed, 11 Oct 1995 21:17:07 +1000 Message-Id: <24390.813410227@munnari.OZ.AU> From: Robert Elz > Two things. First, it tells you which particular person was > playing at being postmaster at the time. Why would I (as a recipient) care who is currently wearing the postmaster hat? Lots of reasons - from here you might easily get two contradictory messages from "postmaster", and decide which to trust based upon who the humans that caused them to be sent really were. Why would I want to send mail to that person instead of just to "postmaster"? You wouldn't, I don't think. I hope you don't believe that I am one of the people who advocate sending replies to Senders. Why do I care what your mailer believes? If nothing else, it provides a likely to be correct address. That is, if the From: turns out to be bogus, it gives you something that you might be able to use to get mail back, even if it is not what you would normally use, and takes deliberate manual effort to make happen. Why would I want to sent mail to the address that your mailer believes is "really you"? You have already asked me not to do so by putting a different address in the From: header. Again, you shouldn't. However, should your mail to the From: header simply bounce, or result in a reply from some bemused person who has no idea how or why they received your mail, then you might choose to send to the Sender and ask why the From: address was no good for the purpose. Again, preventing forgery isn't the aim, just preventing accidents. Is the argument here that the Sender: header should or should not convey security information? Neither, simply that it does not, whether it should (or ever could) is irrelevant now, it doesn't. > be sent. The From: header on the other hand, is really little > more than a comment header with syntax rules. Seems to me like identification of the author is quite a bit more. Yes, if it is used that way, as intended. However as identification of the author is unverifiable (I could claim this message to have been authored by the Prime Minister of Australia, the US President, or the King of Sewden, unless you go ask one of those people, you have no way of knowing that is not so). Consequently the From: field can contain whatever the wants to put there, and so, is essentially just a comment. A structured comment without doubt, and one that is potentially (and usually practically) very useful, but still really no more than a comment. It has to remain that way to be useful. Seems backwards to me (must be that counter-clockwise Coreolis force :). It is anti-clockwise, not counter... I would say that whatever she wants to be known by is the one that's real. Hmm, so From: king@palace.se Sender: kre@munnari.oz.au generates "king@palace.se" as my "real" address. That is an interesting observation. I think I will disagree. I'm tempted to say that I want to talk to the sender when talking about envelope information and I want to talk to the author when talking about the content in the body. Perhaps - though for the vast majority of e-mail users, the very concept of "envelope" is something of a mystery, and attempting to talk about the envelope with those people isn't going to get very far. I'd suggest that it provides a fallback, more likely to reach a relevant party, when the From: address has failed, as well as providing a little extra human useable information (not intended for mailers). Ergo, if a list expander is going to put in a Sender: header, Gawd - how did we get back to that rat hole? If I'd known that was where this was leading I would have kept quiet. I'd very much prefer to keep mailing lists right out of all of these discussions until after we get the basic principles fixed in the simple (one person to one person) cases. Then we can see how they are best applied to lists if necessary. [Aside: for what its worth, I agree, assuming lists stick in Sender headers at all]. kre ps: apologies to those of you in Sweden for my total inability to express "king@palace.se" as it would really be in Swedish.