Smtp

SMTP allows multiple FROM addresses in the RFC. Was this ever useful, and why does it exist?

  • November 14, 2013

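According to the RFC, SMTP allows multiple FROM addresses in the body (not the envelope).

Has this feature ever been used for legitimate purposes?

Is it safe to drop messages that have multiple FROM addresses?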

RFC 822 actually gives an example of this usage. It requires (section 4.4) that the Sender: header be present when it is used.

     A.2.7.  Agent for member of a committee
     
             George's secretary sends out a message which was authored
        jointly by all the members of a committee.  Note that the name
        of the committee cannot be specified, since <group> names  are
        not permitted in the From field.
 
            From:   Jones@Host,
                    Smith@Other-Host,
                    Doe@Somewhere-Else
            Sender: Secy@SHost

RFC 2822, which obsoleted it, continued to explicitly permit this particular construction (section 3.6.2).

from            =       "From:" mailbox-list CRLF

mailbox-list    =       (mailbox *("," mailbox)) / obs-mbox-list

In the current standard, RFC 5322, this has not changed, and multiple addresses are still explicitly permitted (section 3.6.2).

   The from field consists of the field name "From" and a comma-
   separated list of one or more mailbox specifications.  If the from
   field contains more than one mailbox specification in the mailbox-
   list, then the sender field, containing the field name "Sender" and a
   single mailbox specification, MUST appear in the message.

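Was it ever useful? Yes, and it still is, for the kind of scenario shown in the ancient example. A message with multiple authors should list all of the authors in the From: header and set Sender: to the person who actually clicked Send in their email program.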

   The originator fields indicate the mailbox(es) of the source of the
   message.  The "From:" field specifies the author(s) of the message,
   that is, the mailbox(es) of the person(s) or system(s) responsible
   for the writing of the message.  The "Sender:" field specifies the
   mailbox of the agent responsible for the actual transmission of the
   message.  For example, if a secretary were to send a message for
   another person, the mailbox of the secretary would appear in the
   "Sender:" field and the mailbox of the actual author would appear in
   the "From:" field.  If the originator of the message can be indicated
   by a single mailbox and the author and transmitter are identical, the
   "Sender:" field SHOULD NOT be used.  Otherwise, both fields SHOULD
   appear.

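In practice on the public Internet, messages that do this are uncommon, though they do occur in corporate and academic settings, where it is more common for one person to send email on behalf of another person or group of people.

I have never actually seen spam that does this (and that got through all of my other controls). I would generally consider it unsafe to drop such messages or raise their spam score.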

Quoted from: https://serverfault.com/questions/554520
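Added example, not part of the original question or answer: a Python check of the RFC 5322 section 3.6.2 rule quoted above, so a filter can accept well-formed multi-author mail and flag only messages that break the MUST. The function name, result labels and sample messages are constructed for illustration; the first sample reuses the headers from the RFC 822 A.2.7 excerpt.

```python
from email import message_from_string, policy


def check_originator_fields(raw: str) -> str:
    """Classify a message by the RFC 5322 section 3.6.2 originator rule."""
    msg = message_from_string(raw, policy=policy.default)
    from_fields = msg.get_all("From", [])
    # RFC 5322 section 3.6 allows exactly one From field; several mailboxes
    # must be listed inside that one field, not in repeated fields.
    if len(from_fields) != 1:
        return "bad-from-count"
    authors = from_fields[0].addresses
    if not authors:
        return "no-author"
    if len(authors) == 1:
        return "single-author"
    # More than one author: Sender MUST appear and hold a single mailbox.
    sender_fields = msg.get_all("Sender", [])
    if len(sender_fields) == 1 and len(sender_fields[0].addresses) == 1:
        return "multi-author-with-sender"
    return "multi-author-sender-violation"


# Constructed sample inputs (hypothetical names, labelled as such).
COMMITTEE = (
    "From: Jones@Host,\n"
    "        Smith@Other-Host,\n"
    "        Doe@Somewhere-Else\n"
    "Sender: Secy@SHost\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)
NO_SENDER = "From: a@example.org, b@example.org\nSubject: constructed\n\nbody\n"
SINGLE = "From: a@example.org\nSubject: constructed\n\nbody\n"
REPEATED = "From: a@example.org\nFrom: b@example.org\n\nbody\n"

if __name__ == "__main__":
    samples = {"committee": COMMITTEE, "no_sender": NO_SENDER,
               "single": SINGLE, "repeated": REPEATED}
    for name, raw in samples.items():
        print(f"{name}: {check_originator_fields(raw)}")
```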