[MlMt] From vs. Sender

[Bill Cole]

On 9 Mar 2016, at 18:18, Scott A. McIntyre wrote:

> Hi,
>
>
>
>> It's not clear to me that MailMate misbehaves though. This is also 
>> supported by the comment in the headers you provided:
>>
>> 	Comments: Did not say From: user at company.com at sender's request
>>
>> This appears to mean that the sender did this intentionally.
>
> I'm not sure that is as literal as it may appear.  ;-)  It's a Mailman 
> mailing list and the "Comments" value is the same (except for the 
> username) for everyone that this is happening to.

Which is because the "Sender" is Mailman, NOT the human author of the 
message. That is right  in a thin grey zone between complying with 
RFC822 (& its successors) and violating its definition of "Sender".

> I'm not sure if it's a Mailman setting, for example, that's causing 
> this.  Since the clients are varied, and OS X Mail.app certainly 
> doesn't have an option that I know of here, my hunch has been Mailman 
> + MailMate's interpretation.

The way Mailman constructs From & Sender headers and adds (or doesn't) 
Comments explaining its actions varies depending on the version/variant 
of Mailman as well as its settings. Note this list as a demo of how 
Mailman can NOT do that.

There are pragmatic reasons for mailing lists to be doing what you 
describe, specifically: Microsoft & DMARC. Microsoft has been playing 
inconsistent games with Sender, From, and Resent-* headers for >20 years 
because X.400 had different but similar concepts that they tried to 
harmonize to RFC822 mail a few different ways that weren't quite right 
before giving up on X.400 and sticking with their last and longest-lived 
botch. Mailman and some other list managers reacted by adding Errors-To 
and Sender headers where they shouldn't be, since otherwise MS 
garbageware sends bounces & OoO notices & other auto-replies for 
mailing-list mail to From or Reply-To addresses, because MS throws away 
envelope senders and ONLY looks at headers. DMARC is a relatively new 
hybrid of DKIM & SPF for authenticating mail & publishing policy 
recommendations for how receivers should treat mail with invalid or 
missing authentication signatures. Since mailing lists behaving normally 
break most DKIM signatures and a few big freemail providers now tell 
receivers to reject mail "From" their users without valid DKIM 
signatures, mailing list operators either have to mangle From headers or 
shun subscribers from places like Yahoo and GMail.


>>> Any way to get the user at company.com to be recognised here?
>>
>> I guess it would be best if both addresses were easily accessible...
>
> It would be handy; as it is, I have to View Raw Message to figure out 
> who sent something, extract the email address, and reply to that 
> rather than the other values.

This is really problematic. Strings inside () are formally comment 
fields that mail software shouldn't try to interpret as meaningful to 
their handling of messages. Having a bare address followed by a comment 
(normally a human name) is an archaic but still formally legal   way to 
structure a From (or other originator address) header. Parsing comments 
to find a valid email address is a *MISBEHAVIOR* in some  mail software 
that has been abused for phishing  purposes.

Any mailing list that sends mail as you described has been intentionally 
configured in a  manner that encourages subscribers to NOT reply to the 
original message author, but rather to the mailing list. That effect may 
be an unintended consequence of trying to allow freemail subscribers in 
a DMARC world, but it also may well be the conscious intent of the list 
operator.