Verifying SMTP “MAIL FROM:” Matches “From:” Header in DATA

Posted by dkovacevic on Server Fault See other posts from Server Fault or by dkovacevic
Published on 2013-06-24T15:11:46Z Indexed on 2013/06/24 16:24 UTC
Read the original article Hit count: 529

Filed under:

Is there ever a legitimate reason for the SMTP “MAIL FROM:” field to not match the “From:” field in the DATA section of a message, besides mailing lists?

From http://stackoverflow.com/questions/1750194/smtp-why-does-email-needs-envelope-and-what-does-the-envelope-mean:

“But, to continue your snail mail metaphor, most professional letters will contain the sender's and recipient's addresses printed on the letter itself. Those addresses are not necessary for the postman, but are instead a courtesy to the recipient. So it's sensible that email would work the same way.”

The problem with this line of logic lies here: “courtesy to the recipient”. Including the “From:” address in an email via SMTP is not a courtesy; it is required if the recipient is to be able to send a reply.

From: How to limit the From header to match MAIL FROM in postfix?:

“But if you really want to ensure From: and MAIL FROM then you have to apply header_checks so that Return-Path: matches From:”

What are the implications of doing this? Mailing lists would obviously be a problem. Are there any other legitimate uses of differing “MAIL FROM:” and “From:” header information?

© Server Fault or respective owner

Related posts about smtp