
SMTP e-mail headers: return-path vs. sender vs. from


Please help me make some order with email headers.

What does each of the following mean: return-path, sender, from.

The question is being asked in the context of an email receiving app (let's say a posterous clone).


Solution

  • Based on my experience -

    These headers can all be faked pretty easily, so verification is pretty much out.

    However, if the sending domain has an SPF record, you can verify the Received headers against the list of approved mail servers for that domain. That will at least tell you whether or not the message really came from that domain, but that doesn't guarantee that the particular user sent it (it could be spoofed by another user on the same domain). Plus, not all domains publish SPF records, so it's not always an option.
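An added example, not part of the original answer: a Python sketch that extracts the three headers from a message and checks the connecting IP in the topmost Received header against an SPF record. The sample message, the SPF records (a dict standing in for DNS TXT lookups), and the choice of the Return-Path domain as the domain to look up are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all names and addresses are made up (RFC 5737 ranges).
RAW = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Received: from out1.example.net (out1.example.net [203.0.113.7])\n"
    "\tby mx.receiver.example with ESMTP; Tue, 02 Jan 2024 10:00:00 +0000\n"
    "Sender: assistant@example.org\n"
    "From: Alice <alice@example.org>\n"
    "Subject: new post\n"
    "\n"
    "body\n"
)
# Constructed SPF records standing in for DNS TXT lookups, so this runs offline.
SPF = {
    "mailer.example.net": "v=spf1 ip4:203.0.113.0/28 -all",
    "example.org": "v=spf1 ip4:198.51.100.0/24 ~all",
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_eval(record, ip):
    """Evaluate ip4/ip6/all only; a, mx, include etc. are skipped in this sketch."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIER else ("+", term)
        name, _, arg = mech.partition(":")
        if name.lower() == "all":
            return QUALIFIER[qual]
        if name.lower() in ("ip4", "ip6") and addr in ipaddress.ip_network(arg, strict=False):
            return QUALIFIER[qual]
    return "neutral"

def analyze(raw, spf_records):
    msg = message_from_string(raw)
    addr_of = lambda h: parseaddr(msg.get(h, ""))[1].lower()
    rp, sender, frm = addr_of("Return-Path"), addr_of("Sender"), addr_of("From")
    # Only the topmost Received line was written by our own server; lower ones are sender-supplied.
    m = re.search(r"\[([0-9A-Fa-f:.]+)\]", msg.get("Received", ""))
    ip = m.group(1) if m else None
    rp_domain = rp.rpartition("@")[2]
    record = spf_records.get(rp_domain)
    return {"return_path": rp, "sender": sender, "from": frm, "client_ip": ip,
            "spf": spf_eval(record, ip) if record and ip else "none",
            "from_domain_matches": frm.rpartition("@")[2] == rp_domain}
```

On the sample, `analyze(RAW, SPF)` reports an SPF pass for the Return-Path domain while From names a different domain, so the pass by itself says nothing about the From address.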