CHI Coder 007 asked:
SMTP allows for multiple FROM addresses on the body (not the envelope) according to the RFCs.
Has this feature ever been used for a legitimate purpose?
Is it safe to discard messages that have multiple FROM addresses?
RFC 822 actually gives an example of this usage. It required (Section 4.4) that the Sender: header be present when it was used.
A.2.7. Agent for member of a committee

George's secretary sends out a message which was authored jointly by all the members of a committee. Note that the name of the committee cannot be specified, since <group> names are not permitted in the From field.

    From: [email protected], [email protected], [email protected]
    Sender: [email protected]
RFC 2822, which obsoleted it, continued to explicitly allow this particular construction (Section 3.6.2).
    from = "From:" mailbox-list CRLF
    mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list
In the current standard, RFC 5322, this is unchanged, and multiple addresses are still explicitly allowed (Section 3.6.2).
The from field consists of the field name "From" and a comma-separated list of one or more mailbox specifications. If the from field contains more than one mailbox specification in the mailbox-list, then the sender field, containing the field name "Sender" and a single mailbox specification, MUST appear in the message.
Was it ever useful? Yes, and it still is, for exactly the sort of scenario shown in the ancient example. Messages with multiple authors are supposed to have all of them listed in the From: header, with the Sender: set to the person who actually hit Send in their email program.
The originator fields indicate the mailbox(es) of the source of the message. The "From:" field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. The "Sender:" field specifies the mailbox of the agent responsible for the actual transmission of the message. For example, if a secretary were to send a message for another person, the mailbox of the secretary would appear in the "Sender:" field and the mailbox of the actual author would appear in the "From:" field. If the originator of the message can be indicated by a single mailbox and the author and transmitter are identical, the "Sender:" field SHOULD NOT be used. Otherwise, both fields SHOULD appear.
In practice on the public Internet, messages in which this is done are uncommon, though they do occur, especially in enterprise and academic environments, where it’s much more common for one person to send email on behalf of another, or of a group.
I’ve never actually seen spam that does this (and got through all my other controls). I would generally consider it unsafe to discard or raise the spam score of such a message.
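The RFC 5322 rule quoted in the answer above can be checked in a mail filter instead of discarding every multi-author message. The following is an added example, not part of the original answer: `check_originator` and the sample messages are hypothetical, and all addresses are constructed placeholders under example.org.

```python
from email import message_from_string
from email.policy import default


def check_originator(raw: str) -> str:
    """Classify From:/Sender: against RFC 5322 sections 3.6 and 3.6.2."""
    msg = message_from_string(raw, policy=default)
    from_fields = msg.get_all("From", [])
    sender_fields = msg.get_all("Sender", [])
    # Section 3.6 field counts: From exactly once, Sender at most once.
    if len(from_fields) != 1:
        return "invalid: expected exactly one From: field"
    if len(sender_fields) > 1:
        return "invalid: more than one Sender: field"
    authors = from_fields[0].addresses
    if not authors:
        return "invalid: From: contains no mailbox"
    if len(authors) == 1:
        return "ok: single author"
    # Several authors: Sender: MUST appear and hold a single mailbox.
    if not sender_fields:
        return "invalid: multiple authors but no Sender:"
    if len(sender_fields[0].addresses) != 1:
        return "invalid: Sender: is not a single mailbox"
    return "ok: multiple authors with Sender:"


# Constructed sample messages (placeholder addresses, not real mail).
COMMITTEE = (
    "From: jones@example.org, smith@example.org, doe@example.org\n"
    "Sender: secretary@example.org\n"
    "Subject: Committee report\n\nbody\n"
)
NO_SENDER = (
    "From: jones@example.org, smith@example.org\n"
    "Subject: Joint note\n\nbody\n"
)
SINGLE = "From: jones@example.org\nSubject: Hello\n\nbody\n"
TWO_FROM_FIELDS = "From: jones@example.org\nFrom: smith@example.org\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("committee", COMMITTEE), ("no-sender", NO_SENDER),
                      ("single", SINGLE), ("two-from", TWO_FROM_FIELDS)]:
        print(f"{name}: {check_originator(raw)}")
```

A compliant multi-author message passes this check; only messages that break the Sender: requirement or the field-count limits are flagged.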
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.