Wandering Thoughts archives

2011-02-06

Dear Unix mailers: please allow more forgery

Here is a peculiar irritation I have with Unix mailers (the combination of both MTAs and MUAs): I wish they made it easier for people to forge their outgoing email address, the address that appears as the From: and in the envelope sender and so on.

Unix mailers generally make it at least possible and sometimes easy to do a half-assed job of forgery. You can put in your own From: and many mailers will leave it alone, but they'll then also add a Sender: header and usually won't touch the envelope sender address. When I am in a cautious mood, this is not good enough; I want no traces in the headers that an outsider could easily use to identify my email address or even to identify that the From: address is not a fully real address.

Most IMAP-based MUAs make this thorough level of forgery so trivial that it's not even forgery, it's just multiple identities. I have four different ones configured in Thunderbird and the most difficult bit of setting them up was knowing that the 'manage identities' button was the Preferences option that I wanted (and Thunderbird is smart about using them, too). But Unix mail systems are (or at least seem to be) pointlessly stubborn about this.

(Please don't suggest that I abandon my Unix mailer for some IMAP client. I am very attached to my Unix MUA of choice and it's probably the single oldest piece of my Unix environment by now.)

In today's world of spam and untrusted destinations there are lots of reasons to want to thoroughly use other sender addresses, and given that you can already do this through other mechanisms I think that Unix mailer environments should at least default to allowing this and making it relatively easy.

(This should not affect your ability to trace email back to its actual sender if someone complains; just put the UID that the email was received from in the Received: headers or the like. I believe that this is more or less the default for Unix MTAs these days.)

PS: since I only use one Unix MUA and it's an uncommon choice, maybe all of the common ones have changed over to doing what I want and I'm really just griping about a single MUA.

spam/PleaseAllowForgery written at 01:03:34; Add Comment


Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.