Potential issues using member's "from" address and the "sender" header

Tags: email, spf

A major component of our application sends email to members on behalf of other members. Currently we set the "From" address to our system address and use a "Reply-to" header with the member's address. The issue is that replies from some email clients (and auto-replies/bounces) don't respect the "Reply-to" header so get sent to our system address, effectively sending them to a black hole. We're considering setting the "From" address to our member's address, and the "Sender" address to our system address. It appears this way would pass SPF and Sender-ID checks.

Are there any reasons not to switch to this method? Are there any other potential issues?


Here are way more details than you probably need:

When the application was first developed, we just changed the "from" address to be that of the sending member as that was the common practice at the time (this was many years ago). We later changed that to have the "from" address be the member's name and our address, i.e.,

From: "Mary Smith" <[email protected]>

With a "reply-to" header set to the member's address:

Reply-To: "Mary Smith" <[email protected]>

This helped with messages being mis-categorized as spam. As SPF became more popular, we added an additional header that would work in conjunction with our SPF records:

Sender: <[email protected]>

Things work OK, but it turns out that, in practice, some email clients and most MTAs don't respect the "Reply-To" header. Because of this, many members send messages to [email protected] instead of the desired member.

So, I started envisioning various schemes to add data about the sender to the email headers or encode it in the "from" email address so that we could process the response and redirect appropriately. For example,

From: "Mary Smith" <[email protected]>

where the string after "messages" is a hash representing Mary Smith's member in our system. Of course, that path could lead to a lot of pain as we need to develop MTA functionality for our system address. I was looking again at the SPF documentation and found this page interesting:

http://www.openspf.org/Best_Practices/Webgenerated

They show two examples, that of evite.com and that of egreetings.com. Basically, evite.com is doing it the way we're doing it. The egreetings.com example uses the member's from address with an added "Sender" header.

So the question is, are there any potential issues with using the egreetings method of the member's from address with a sender header? That would eliminate the replies that bad clients send to the system address. I don't believe that it solves the bounce/vacation/whitelist issue since those often send to the MAIL FROM even if Return Path is specified.

Paul Burney asked Feb 09 '10 19:02



1 Answer

So I decided to answer my own question since no one else responded. Perhaps others will find this entry when searching.

What we're finally doing is this:

Set the From header to the user's actual email address.

From: "Mary Smith" <[email protected]> 

Use a Sender header with the system wide email address.

Sender: <[email protected]> 

Finally, the actual sender that shows up in the server supplied MAIL FROM/Return Path header is set with a unique identifier, i.e.,

Return Path: "Mary Smith" <[email protected]> 

That allows a program running at [email protected] to intercept those auto replies and forward them on to the person they were originally intended to reach. Most real email clients will reply to the From: header. I haven't seen problems from BlackBerry users nor others responding to the system account.

After a month or so in production, we've had fewer issues with this than the previous method we were using.

The Sender header adds a small note in Microsoft Outlook clients about "On Behalf Of", but that's appropriate for our usage. There haven't been any issues with SPF in common clients/MTAs with this setup (Gmail, Yahoo, SpamAssassin, etc.).

Update: In April 2014, Yahoo and AOL changed their DMARC settings to drop these kinds of messages without notice. (They switched to p=reject; see https://wordtothewise.com/2014/04/brief-dmarc-primer/ for more information.) Our solution was to special case those domains, since the needed functionality still works with the vast majority of domains.

    IF ISP MATCHES YAHOO OR AOL
        From: "Mary Smith" <[email protected]>
        Reply-To: "Mary Smith" <[email protected]>
        Return Path: "Mary Smith" <[email protected]>
    ELSE
        From: "Mary Smith" <[email protected]>
        Sender: <[email protected]>
        Return Path: "Mary Smith" <[email protected]>
    END
Paul Burney answered Sep 28 '22 09:09
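As an added example (not code from the original post), here is the header-selection logic the answer ends up with, plus the unique Return-Path address its bounce handler relies on. The domain example.org, the member ids, the HMAC-signed bounce tag and the list of p=reject domains are assumptions; the post's redacted addresses are replaced with constructed ones. The branch is chosen on the member's From domain, because a DMARC policy is published by the owner of the From domain and evaluated against it.

```python
import hashlib
import hmac
from email.message import EmailMessage
from email.utils import formataddr
from typing import Optional, Tuple

SYSTEM_DOMAIN = "example.org"                     # assumed system domain
SYSTEM_ADDR = f"messages@{SYSTEM_DOMAIN}"
BOUNCE_KEY = b"constructed-secret-rotate-me"      # assumed signing key for bounce tags
DMARC_REJECT_DOMAINS = {"yahoo.com", "aol.com"}   # domains the answer special-cases


def bounce_address(member_id: str) -> str:
    """Unique envelope sender (MAIL FROM / Return-Path) for one member.
    The HMAC tag lets the bounce handler reject forged ids instead of
    routing arbitrary mail to whatever member a forger names."""
    tag = hmac.new(BOUNCE_KEY, member_id.encode(), hashlib.sha256).hexdigest()[:16]
    return f"messages+{member_id}-{tag}@{SYSTEM_DOMAIN}"


def member_from_bounce(addr: str) -> Optional[str]:
    """Recover the member id from a bounce/auto-reply recipient address."""
    local, _, domain = addr.partition("@")
    if domain.lower() != SYSTEM_DOMAIN or not local.startswith("messages+"):
        return None
    member_id, _, tag = local[len("messages+"):].rpartition("-")
    expected = hmac.new(BOUNCE_KEY, member_id.encode(), hashlib.sha256).hexdigest()[:16]
    return member_id if hmac.compare_digest(tag, expected) else None


def build_message(member_id: str, member_name: str, member_addr: str,
                  rcpt_addr: str, subject: str, body: str) -> Tuple[EmailMessage, str]:
    """Return the MIME message and the envelope sender to hand to the MTA."""
    msg = EmailMessage()
    msg["To"] = rcpt_addr
    msg["Subject"] = subject
    msg.set_content(body)
    member_domain = member_addr.rsplit("@", 1)[-1].lower()
    if member_domain in DMARC_REJECT_DOMAINS:
        # p=reject domain: a From header we cannot DKIM-sign or SPF-align for
        # would be dropped, so From is ours and Reply-To carries the member.
        msg["From"] = formataddr((member_name, SYSTEM_ADDR))
        msg["Reply-To"] = formataddr((member_name, member_addr))
    else:
        # Member's From with our Sender header (the answer's default branch).
        msg["From"] = formataddr((member_name, member_addr))
        msg["Sender"] = SYSTEM_ADDR
    return msg, bounce_address(member_id)
```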