2

To clarify this and this explanation for Sender::

In brief, From: in the message indicates the mailbox of whoever wrote the message, Sender: indicates the entity which sent a message on behalf of someone else, and To: and Cc: indicate the intended recipient mailbox. The RFCs define other header fields you may be interested in, as well.

I notice that alpine inserts the senders FQDN as <user>@<domain> in the Sender: field. While the From: field can be modified in alpine by modifying the Customized-Headers setting, attempts to set the Sender: field fail.

This looks to be an anti-spam technique? How does, or does it, relate to Sender Policy Framework?

See also:

https://en.wikipedia.org/wiki/Email_authentication

https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#Related_Requests_For_Comments

https://en.wikipedia.org/wiki/Anti-spam_techniques#Strict_enforcement_of_RFC_standards

Community
  • 1
Thufir
  • 229
  • 7
  • 18

2 Answers2

1

There is a number of technics used to avoid sender forging:

  • Users except root can't assign arbitrary SENDER header, MTA override it anyway by actual username@domain.
  • Submission from non-local domains to nonlocal domains is completely denied on the MTA.
  • He who want to send the message from non-local domain to the non-local domain should be authorized on MTA first.
  • MTA for recipient-domain checks whether the sending MTA belongs to the list of authorized sender's domain submitters (SPF)
  • DomainKey pair verified - submitter's public one from DNS must match with the private one (DKIM)
  • DMARC = SPF + DKIM
Kondybas
  • 6,864
  • 2
  • 19
  • 24
0

From M S C the help file in alpine:

                                      FEATURE: Scramble the Message-ID When Sending

Normally the Message-ID header that Alpine generates when sending a message contains the name of the computer from which the message is being sent. Some believe that this hostname could be used by spammers or could be used by others for nefarious purposes. If this feature is set, that name will be transformed with a simple Rot13 transformation. The result will still have the correct syntax for a Message-ID but the part of the MessageID that is often a domain name will not be an actual domain name because the letters will be scrambled.

It is possible (but unlikely?) that some spam detection software will use that as a reason to reject the mail as spam. It has also been reported that some spam detection software uses the fact that there are no dots after the "@" as a reason to reject messages. If your PC-Alpine Message-ID is using a name without a dot that is because that is what Windows thinks is your "Full computer name". The method used to set this varies from one type of Windows to another but check under Settings -> Control Panel -> System and look for Network Identification or Computer Name or something similar. How to set it is beyond the scope of Alpine.

which seems to both scramble the message-id field and, apparently, obviates the need for a sender field (at least from alpine). In this way, the sender field is side-stepped.

Thufir
  • 229
  • 7
  • 18