Multiple "From:" in a mail header?
in [Postfix]
|
From: Victor Duchovni on 14 Jan 2010 14:14 On Thu, Jan 14, 2010 at 08:07:34PM +0100, Ralf Hildebrandt wrote: > * K??rlis Repsons <karlis.repsons(a)gmail.com>: > > > > According to RFC 5322: > > > > > > from = "From:" mailbox-list CRLF > > > mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list > > > > > > Thus, one From: header may contain multiple addresses. > > > > Well, another possible trouble I was about to ask later, but still, can there > > be multiple From:? > > And in what cases can there be multiple addresses in From: field? Its strange. > > If anyone knows... > > RFC 5322 speaks of the From: field in singluar only, thus only one is > allowed: The same is true for "To:" and "Cc:" and yet in practice, multiple "To:" and "Cc:" fields are sometimes sent and are processed collectively by typical email software. The Postfix sendmail(1) command, when used to send email to recipients specified via the message headers (the "-t" switch) will collect recipient addresses from multiple "To:", "Cc:" and "Bcc:" headers. It may be prudent to also treat: From: <authorA> From: <authorB> as synonymous with: From: <authorA>, <authorB> the implied meaning is that the people with those email addresses, co-authored the email. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the "Reply-To" header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: <mailto:majordomo(a)postfix.org?body=unsubscribe%20postfix-users> If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the "Subject" so I can delete these quickly.
From: Mark Martinec on 14 Jan 2010 19:20 On Thursday January 14 2010 20:14:48 Victor Duchovni wrote: > It may be prudent to also treat: > From: <authorA> > From: <authorB> > as synonymous with: > From: <authorA>, <authorB> > the implied meaning is that the people with those email addresses, > co-authored the email. ....or treated with utmost suspicion, as that could be an attempt to fool a MUA + a content filter combination to let mail through but still show to a reader what was desired by malware. Note that a message with a DKIM signature with only one occurrence of a 'from' in its 'h' tag is covering the bottommost instance of a 'From' header field, yet a MUA might show the topmost. When amavisd-new (since version 2.6.4) is DKIM-signing a message, it inserts a ":from:from:" into the 'h' tag, which makes a later appending of another From header field invalidate a signature. Mark
From: "=?utf-8?q?K=C4=81rlis_Repsons?=" on 15 Jan 2010 03:11 On Thursday 14 January 2010 19:14:48 Victor Duchovni wrote: > It may be prudent to also treat: > > From: <authorA> > From: <authorB> > > as synonymous with: > > From: <authorA>, <authorB> > > the implied meaning is that the people with those email addresses, > co-authored the email. But have you seriously seen a mail client, which would allow sending such mail? I would think, this is an extreme rarity, but is it?
From: Mark Martinec on 15 Jan 2010 04:29 On Friday January 15 2010 09:11:27 KÄrlis Repsons wrote: > But have you seriously seen a mail client, which would allow sending such > mail? I would think, this is an extreme rarity, but is it? It is very rare alright. Multiple author addresses in a single From header field are legitimate, but some mail processing software breaks on them. Multiple From header fields are prohibited by rfc, but that does not stop malicious or broken senders from doing it if they feel like it. If one or the other turns out to be profitable for malware, it will be used, no doubt about it, so better be ready. Btw, of the header fields that may occur only once, it is currently more usual to see multiple Message-ID, or Subject, or To or Cc, or MIME-Version, or Content-Type. Very rare are duplicate Reply-To or Date. The least common is to see multiple From. Mark
From: "=?utf-8?q?K=C4=81rlis_Repsons?=" on 15 Jan 2010 05:00
On Friday 15 January 2010 09:29:37 Mark Martinec wrote: > On Friday January 15 2010 09:11:27 KÄrlis Repsons wrote: > > But have you seriously seen a mail client, which would allow sending such > > mail? I would think, this is an extreme rarity, but is it? > > It is very rare alright. > > Multiple author addresses in a single From header field are legitimate, > but some mail processing software breaks on them. > > Multiple From header fields are prohibited by rfc, but that does not > stop malicious or broken senders from doing it if they feel like it. > > If one or the other turns out to be profitable for malware, > it will be used, no doubt about it, so better be ready. > > Btw, of the header fields that may occur only once, it is currently > more usual to see multiple Message-ID, or Subject, or To or Cc, > or MIME-Version, or Content-Type. Very rare are duplicate Reply-To > or Date. The least common is to see multiple From. > > Mark Thanks! |