Internet mail conducts asynchronous communication from an author to one or more recipients and is used for ongoing dialog amongst them. Email has a long history of serving a wide range of human uses and styles, within that simple framework, and the mechanisms for making email robust and safe serve that sole purpose.
Internet mail defines the content header's From: field to indicate the author of the message and the Sender: field to indicate who initially handled the message on the author's behalf [Mail-Fmt
]. The Sender: field is optional if it has the same information as the From: field. That is, when the Sender: field is absent, the From: field has conflated semantics as both a handling identifier and a content creator identifier. These fields were initially defined in [RFC733
], and making the redundant Sender: field optional was a small, obvious optimization in the days of slower communications, expensive storage, and less powerful computers.
The dual semantics were not a problem until development of stringent protections on use of the From: field. It has prompted Mediators, such as mailing lists, to modify the From: field to circumvent receiver mail rejection caused by those protections. This affects end-to-end usability of email between the author and the final recipients, because mail received from the same author is treated differently by the recipient's software, depending on what path the message followed.
By way of example, mail originating with:
From: Example User <firstname.lastname@example.org>
which is sent directly to a recipient, will show the author's display name correctly and can correctly analyze, filter, and aggregate mail from the author based on their email address. However, if the author sends through a mailing list and the mailing list conducts a common form of From: modification needed to bypass enforcement of stringent authentication policies, then the received message might instead have a From: field showing:
From: Example User via Example List <email@example.com>
The change inserts an operational address, for the Mediator, into the From: field and distorts the field's display name as a means of recording the modification.
In terms of email identification semantics, this is a profound change:
The result is that the recipient's software will see the message as being from an entirely different author and will handle it separately, such as for sorting or filtering. In effect, the recipient's software will see the same person's email as being from a different address; this includes the person's actual address and each of the mailing lists that person's mail transits.
Mediators might create a Reply-To: field with the original From: field email address. This facilitates getting replies back to the original author, but it does nothing to aid other processing or presentation done by the recipient's Mail User Agent (MUA) based on what it believes is the author's address or original display name. This Reply-To action represents another knock-on effect (e.g., collateral damage) by distorting the meaning of that header field, as well as creating an issue if the field already exists.
In effect, the From: field has become dominated by its role as a handling identifier. The current specification augments this altered use of the From: field by specifying the Author: field, which identifies the original author of the message and is not subject to modification by Mediators.
While it might be cleanest to move towards more reliable use of the Sender: field and then to target it as the focus of authentication concerns, enhancement of existing standards works best with incremental additions, rather than with efforts at replacement. To that end, this specification provides a means of supplying author information that is not subject to modification by processes seeking to enforce stringent authentication.
This version is published as an Experimental RFC to assess community interest, functional efficacy, and technical adequacy. See Section 7