Which headers are ALWAYS returned in a reply/forward?

Question

I'm making a webstore with integrated customer service. Every few minutes, the system will retrieve emails into the database, parsing headers and relating the message to customers and orders.

Customer threading is fairly reliable via the messages From: header. But what about orders? It seems most people use the Reply-To: header for threading orders ...

From: <[email protected]>
To: <[email protected]>
Subject: Company Order #314159
Reply-To: <[email protected]>

But a messy Reply-to: obscures and uglifies things, and probably flags spam sensors or something. I definitely don't want to count on the Subject: field, people modify the subject all the time, even when replying. There are other headers that seem suited to the job, like ...

From: <[email protected]>
To: <[email protected]>
Subject: Company Order #314159
Message-ID: <314159-2>

... or ...

In-Reply-To: <314159-1>

But are these sent back when the person reply? Are there any headers (other than Reply-To:) that are reliably copied into replies and forwards?

Answer 1

You can't rely entirely on headers being preserved. When replying or forwarding, a mail client creates a new message; that mail client can quite legitimately ignore or alter any content, as deemed appropriate.

You might be able to track by the following means, but all are vulnerable to alteration (mainly by the user, but also by a primitive mail client). You should really just use them to make a best-guess.

1. A disposable Reply-To address. Theoretically, you can also do it with "From" if you want, but Reply-To is better to ensure the user (and their mail server/client) recognise it's from you and act appropriately. I see no reason why a spam filter would care about disposable addresses. Seeing as most spam uses fake addresses anyway and doesn't care about replies, it is not really a spammer trick. It's unlikely to cause a substantial increase in spam filtering. Using a Reply-To for the same domain as your From address is also unlikely to look suspicious.
2. A unique subject. Yes, it can easily be changed, but usually the existing subject is appended to, rather than deleted (especially if it obviously contains some kind of reference number). You could apply a regular expression match - maybe only using it as a confirmation of your other detection methods.
3. A unique string in the body (possibly preceded by the words "DO NOT REMOVE THIS LINE")
4. The In-Reply-To and Reference headers are probably fine, when supported. There is a small chance that a user will copy their reply into a new blank message and trash the headers anyway.

Answer 2

Reply-To is sadly not entirely reliable. All replies should have References: which is better standardized than In-Reply-To: which is not easily machine readable.

Your best bet may be to set the envelope header to a unique identifier, perhaps with a From: and Sender: combo that directs replies to the right place but displays nicely.

See also tangentially Dan Bernstein's notes; http://cr.yp.to/immhf.html and in particular http://cr.yp.to/immhf/thread.html

I don't think you can count on anything when it comes to forwards.