[Mailsec] Re: SMTP headers in DATA block?

Michael De Roover <ietf@nixmagic.com> Sun, 08 June 2025 16:02 UTC

Return-Path: <ietf@nixmagic.com>
X-Original-To: mailsec@mail2.ietf.org
Delivered-To: mailsec@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id ABF063261EDB for <mailsec@mail2.ietf.org>; Sun, 8 Jun 2025 09:02:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mTaxrTzplDqs for <mailsec@mail2.ietf.org>; Sun, 8 Jun 2025 09:02:50 -0700 (PDT)
Received: from nixmagic.com (e1.nixmagic.com [116.203.235.171]) by mail2.ietf.org (Postfix) with ESMTP id 3B39C3261ED4 for <mailsec@ietf.org>; Sun, 8 Jun 2025 09:02:49 -0700 (PDT)
Received: from workstation.vm.ideapad.lan (dhcp13.lan [192.168.10.213]) by nixmagic.com (Postfix) with ESMTPSA id C263A110569; Sun, 8 Jun 2025 16:02:48 +0000 (UTC)
From: Michael De Roover <ietf@nixmagic.com>
To: mailsec@ietf.org, John R Levine <johnl@taugh.com>, Steffen Nurpmeso <steffen@sdaoden.eu>
Date: Sun, 08 Jun 2025 18:02:48 +0200
Message-ID: <83307111.hWhx571oVS@workstation.vm.ideapad.lan>
Organization: workstation.vm.ideapad.lan
In-Reply-To: <9160842.Sb9uPGUboI@thonkpad.lan>
References: <5223991.nocEyzAEji@workstation.vm.ideapad.lan> <35058772-8cdf-55f3-680a-8d8252f692a1@taugh.com> <9160842.Sb9uPGUboI@thonkpad.lan>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="nextPart159038651.B9ErJHocXA"
Content-Transfer-Encoding: 7bit
Message-ID-Hash: GNNGHMRG6NZIJLF65RT527OHKBJ3L5KM
X-Message-ID-Hash: GNNGHMRG6NZIJLF65RT527OHKBJ3L5KM
X-MailFrom: ietf@nixmagic.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Mailsec] Re: SMTP headers in DATA block?
List-Id: Email Security Issues <mailsec.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mailsec/cy76QxGuidkJMnkw9Ysu9WHNspw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mailsec>
List-Help: <mailto:mailsec-request@ietf.org?subject=help>
List-Owner: <mailto:mailsec-owner@ietf.org>
List-Post: <mailto:mailsec@ietf.org>
List-Subscribe: <mailto:mailsec-join@ietf.org>
List-Unsubscribe: <mailto:mailsec-leave@ietf.org>

On Sunday, June 8, 2025 12:27:23 PM CEST Michael De Roover wrote:
> For the coming couple of hours, I'll be out to make and eat some food, but 
> after that I look forward to investigating this further.

Now having cooked and eaten, I have done a cursory search on the terms akin to X-
Original-To that are currently in use. I will list those findings below, as well as how I got 
them.

Current headers (non-conclusive):
- X-Original-To
- X-Google-Original-From
- X-Gm-Original-To

Sources:
- https://serverfault.com/questions/1172657/having-x-original-to-header-in-postfix-set-to-original-envelope-to-before-ma[1]
- https://support.google.com/a/answer/2368153?hl=en[2]
- https://unix.stackexchange.com/questions/41714/postfix-configuration-keep-the-envelops[3]
- https://www.postfix.org/virtual.8.html[4]
- https://superuser.com/questions/1819597/what-is-x-google-original-from-used-for[5]
- https://github.com/gophish/gophish/issues/1311[6]

What I have also done is to create a very rudimentary I-D that reserves the following 
headers:
- X-Envelope-From
- X-Envelope-To

Whether we drop the X or keep it, change the terms to something else altogether, or not 
use headers at all (do state your reasons, since this seems to be the way various orgs 
handled it so far) -- I'm certainly open to discussion about that. These values are really just 
a scaffolding to have something written down.

The idea is that these headers may be able to harmonize what a variety of email providers 
already seem to be doing with their own headers (whose behavior could be quite 
arbitrary). Being harmonized would make it easier for MUAs to detect their presence, and 
act accordingly -- regardless of which organization we're talking about. But I think that 
something setting the value should only be the final MDA. If it's set before that (i.e. 
attempted forgery), let's have the MDA just ditch it and set its own.

As always, I look forward to hearing your thoughts about it.

-- 
Met vriendelijke groet,
Michael De Roover

Mail: ietf@nixmagic.com
Web: michael.de.roover.eu.org

--------
[1] https://serverfault.com/questions/1172657/having-x-original-to-header-in-postfix-set-to-original-envelope-to-before-ma
[2] https://support.google.com/a/answer/2368153?hl=en
[3] https://unix.stackexchange.com/questions/41714/postfix-configuration-keep-the-envelops
[4] https://www.postfix.org/virtual.8.html
[5] https://superuser.com/questions/1819597/what-is-x-google-original-from-used-for
[6] https://github.com/gophish/gophish/issues/1311