As you can see in Figure 14-2, the message has a Return-Path and a From header. The difference between these two will be very important in the upcoming discussion about mail filtering.
The Return-Path is referred to as the envelope sender address. It's taken from the initial SMTP connection's FROM command and it's kept (if present) by every MTA (though it might be rewritten in some special cases). The From header, on the other hand, has no relation whatsoever to the SMTP transaction; it's defined by the MUA and can be easily changed by the sending user. This header is also the one prominently displayed by every mail client when reading a message, whereas Return-Path is usually hidden.
Return-Path can be changed as well (or better, it can be "spoofed") but that involves some obscure setting on most MUAs. Also, when sending a message using an MUA that cannot speak SMTP (an MUA is not required to speak SMTP for delivering messages) but instead invokes a binary using the so-called Sendmail compatibility interface for directly delivering messages to the local MTA, spoofing the envelope sender might trigger a X-Authentication-Warning header warning about the possibly forged header (Sendmail, most notably, displays this behavior). Any kind of warning should not be taken for granted and treated as a reliable source of information.
From: Delivered-To: Received: □ References: Return-Path: Received: Received:
Received: Received: Received:
leteffisecom.oro (qmail 7724 invoked from network); 28 May 2008 16:12:11 -0000 <48 3D JOB 1.40 30 501 aisecom. org > ^BggmaiLcorn from maiiwash4,pair,com (66,39,2,4) by kunatri,pair,com with SMTP; 28 May 2008 16:12:11-0000
from iocaihost Oocaihost [1:7,0,0,1]) by maiiwash4,pair,com (Postfix) with SMTP id E405DC9375 for <petESSsecom.org>; Wed, 28 May 2008 12:12:10 -0400 (EDT)
from rn-out-091D.googie.com (rn-out-091D.googie.com [18.104.22.168i]) by maii'A'ash4.pair.com (Postfix) with ESMTP id E8AADC938A for <peteJisecom.org>; Wed, 28 May 2008 12:12:06 -0400 (EDT)
by rn-out-0910.google.com with SMTP id j40sol737228rnf.4for <[email protected]>; Wed, 28 May 2008 09:12:07 -0700 (PDT) by 10.115.59.4 with SMTP id m4mr2738743wak. 104.1211987511413; Wed, 28 May 2008 08:11:51 -0700 (PDT) by 10.114.192.3 withKTTP; Wed, IS May 2008 08:11:51 -0700 (PDT;'
The reasons for having two different senders is to separate the information provided by the client application (sender) from the actual SMTP transaction (envelope sender). All mail server settings and filters as well as systems like SPF (which we'll cover later) always apply to the envelope-from and not the From: header that you clearly see in your messages. This means that subtle mechanisms for header validation generally don't affect the information perceived by the final user, but rather are something that might help administrators in tracking down the actual path of the offending messages.
Neither of these two headers has a standard form of validation (except the above mentioned X-Authentication-Warning, which, in some cases, may give a weak hint about the header's legitimacy). The envelope sender is also the one being used for all bounced messages when delivery to the named recipient is not possible or times out. The From: address should never be used for that purpose (although some broken mail servers do that).
One of most notable examples for this distinction is mailing lists. When a message is posted to a mailing list, all bounces are handled by the mailing list server and not the original sender. That's why, even if the From: address points to the original sender, the envelope sender always points to the mailing list server. Look for examples of this in your mailbox as an exercise.
Was this article helpful?
Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.