starred/anonaddy
1
0
Fork 0
mirror of https://github.com/anonaddy/anonaddy.git synced 2026-04-25 14:15:53 +03:00
Code Issues 103 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #241] Munging “From:” headers causes problems. Plz give an opt-out setting for that. #213

New issue
Closed
opened 2026-03-01 17:45:44 +03:00 by kerem · 3 comments
kerem commented 2026-03-01 17:45:44 +03:00
Owner
Copy link

Originally created by @bruceleerabbit on GitHub (Dec 24, 2021).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/241

A sample /From:/ header looks something like this:

From: "Marge Simpson 'marge at simpsons.org'" <simpsonsfan+marge=simpsons.org@bruceleerabbit.anonaddy.com>

This seems to be trying to overload & repurpose the FROM field instead of using existing standards that already exist for this purpose.

The FROM should not be tampered with. Mail clients and mail processors have expectations that the FROM field will reflect what the sender intended, and rx-side tools rightfully use that field for input for a variety of tasks. The munging is particularly disruptive when an advanced mail system is processing mail from many different standards-conforming sources.

The current FROM header should really be in the REPLY-TO header. Not all users even need this information, but for those who do the REPLY-TO is the proper place. I realize that some mail clients are technologically challenged and may not know how to treat the reply-to field, but when a service serves a wide userbase with many MUAs, the way forward is to assume MUAs are well behaved as opposed to doing a hack to help some bad MUAs at the cost of encumbering proper MUAs. In effect, users who select good software are being crippled.

(The fix)

I suggest a per-user config option like this:

Where would you like the address for anonaddy-routed replies to go?

  1. nowhere (e.g. mutt users can put what they want in the FROM field on outbound msgs and maybe they use an SMTP server that will accomodate; mutt also has some smarts for working out automatically which of the recipients is you and uses that to populate the reply headers)
  2. the Reply-To field
  3. this custom field: (this is useful if a does not want reply-to interaction with every reply, but perhaps in rare corner-case situations they might want to use that address manually)
  4. munge the FROM field

And in the case of option 4 (the current status quo for everyone), I also suggest adding a header like “X-Original-From” or “Original-Sender” which could still provide the unmunged FROM header in full verbatim. Procmail could then look at those supplemental fields to take action.

(Mutt side-effect/impact)

A mutt user would likely have this line in their configs to tell mutt which addresses are held by the user:

alternates [a-zA-Z0-9]+\.?[a-zA-Z0-9]*@bruceleerabbit.anonaddy.com

Since that regexp matches the munged FROM field, the index page in mutt is smart enough to show the TO field instead (because if a msg is /from/ you the /from/ value it's not generally as useful as the /to/ value). In the case of anonaddy, users actually see the less interesting info (the /to/ content) in the page index. The workaround is to do this:

alternates ^[^=]+@bruceleerabbit.anonaddy.(com|me)

Which will work until a user actually puts an “=” in their alias.

As a sidebar, I must say I hate logging into a Microsoft asset to file a bug report. In any case, you guys are doing great work overall and stand above the other forwarding services because of the PGP capability, which is sadly unique to your service.

(Workaround?)

In principle one could create a procmail stanza to unmunge the FROM header, but that could be some quite tricky parsing because the @ sign is replaced with at, and at could have been in the original name portion of the field. The single quotes couldn't be relied on because what if the name portion contained single quotes originally (e.g. “Pete 'Pistol Pete' Rollack”)?

Originally created by @bruceleerabbit on GitHub (Dec 24, 2021). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/241 A sample /From:/ header looks something like this: `From: "Marge Simpson 'marge at simpsons.org'" <simpsonsfan+marge=simpsons.org@bruceleerabbit.anonaddy.com>` This seems to be trying to overload & repurpose the FROM field instead of using existing standards that already exist for this purpose. The FROM should not be tampered with. Mail clients and mail processors have expectations that the FROM field will reflect what the sender intended, and rx-side tools rightfully use that field for input for a variety of tasks. The munging is particularly disruptive when an advanced mail system is processing mail from many different standards-conforming sources. The current FROM header should really be in the REPLY-TO header. Not all users even need this information, but for those who do the REPLY-TO is the proper place. I realize that some mail clients are technologically challenged and may not know how to treat the reply-to field, but when a service serves a wide userbase with many MUAs, the way forward is to assume MUAs are well behaved as opposed to doing a hack to help some bad MUAs at the cost of encumbering proper MUAs. In effect, users who select good software are being crippled. (*The fix*) I suggest a per-user config option like this: Where would you like the address for anonaddy-routed replies to go? 1) nowhere (e.g. mutt users can put what they want in the FROM field on outbound msgs and maybe they use an SMTP server that will accomodate; mutt also has some smarts for working out automatically which of the recipients is you and uses that to populate the reply headers) 2) the Reply-To field 3) this custom field: <enable user to freetype a custom field> (this is useful if a does not want reply-to interaction with every reply, but perhaps in rare corner-case situations they might want to use that address manually) 4) munge the FROM field And in the case of option 4 (the current status quo for everyone), I also suggest adding a header like “X-Original-From” or “Original-Sender” which could still provide the unmunged FROM header in full verbatim. Procmail could then look at those supplemental fields to take action. (*Mutt side-effect/impact*) A mutt user would likely have this line in their configs to tell mutt which addresses are held by the user: `alternates [a-zA-Z0-9]+\.?[a-zA-Z0-9]*@bruceleerabbit.anonaddy.com` Since that regexp matches the munged FROM field, the index page in mutt is smart enough to show the TO field instead (because if a msg is /from/ you the /from/ value it's not generally as useful as the /to/ value). In the case of anonaddy, users actually see the less interesting info (the /to/ content) in the page index. The workaround is to do this: `alternates ^[^=]+@bruceleerabbit.anonaddy.(com|me)` Which will work until a user actually puts an “=” in their alias. As a sidebar, I must say I hate logging into a Microsoft asset to file a bug report. In any case, you guys are doing great work overall and stand above the other forwarding services because of the PGP capability, which is sadly unique to your service. (*Workaround?*) In principle one could create a procmail stanza to unmunge the FROM header, but that could be some quite tricky parsing because the `@` sign is replaced with ` at `, and ` at ` could have been in the original name portion of the field. The single quotes couldn't be relied on because what if the name portion contained single quotes originally (e.g. “Pete 'Pistol Pete' Rollack”)?
kerem closed this issue 2026-03-01 17:45:44 +03:00
kerem commented 2026-03-01 17:45:45 +03:00
Author
Owner
Copy link

@bruceleerabbit commented on GitHub (Feb 3, 2022):

Well, tampering with the Reply-To: field is kind of a sketchy idea (though not nearly as bad as tampering with the FROM field as it is now).

The best approach as far as I can tell is to put the currently munged From: contents in a new field labeled Resent-From: (see bug #242). But note this is not perfect either because mail clients are not supposed to process or react to the Resent- headers in any way, and probably many MUAs don't even show those fields to the user unless they specifically ask for a raw view of the headers.

So there's merit to hijacking the Reply-To field and there's also merit to using Resent-From, generally depending on the MUA, user expertise, and the user’s workflow.

In the end I’m afraid this really should be a user-specified configuration option.

Another consideration: when anonaddy creates a reply forwarding address, does it store the FROM address or the REPLY-TO? Ideally it should route to the Reply-To address if it exists, and otherwise route to the From address. And the headers should enable the recipient to know what's going on. That is, create an X-Original-Reply-To if Reply-To is being munged, and create X-Original-From if From is being munged.

<!-- gh-comment-id:1029451816 --> @bruceleerabbit commented on GitHub (Feb 3, 2022): Well, tampering with the `Reply-To:` field is kind of a sketchy idea (though not nearly as bad as tampering with the FROM field as it is now). The best approach as far as I can tell is to put the currently munged `From:` contents in a new field labeled `Resent-From:` (see bug #242). But note this is not perfect either because mail clients are not supposed to process or react to the `Resent-` headers in any way, and probably many MUAs don't even show those fields to the user unless they specifically ask for a raw view of the headers. So there's merit to hijacking the `Reply-To` field and there's also merit to using `Resent-From`, generally depending on the MUA, user expertise, and the user’s workflow. In the end I’m afraid this really should be a user-specified configuration option. Another consideration: when anonaddy creates a reply forwarding address, does it store the FROM address or the REPLY-TO? Ideally it should route to the `Reply-To` address if it exists, and otherwise route to the `From` address. And the headers should enable the recipient to know what's going on. That is, create an `X-Original-Reply-To` if `Reply-To` is being munged, and create `X-Original-From` if `From` is being munged.
kerem commented 2026-03-01 17:45:45 +03:00
Author
Owner
Copy link

@willbrowningme commented on GitHub (Feb 7, 2022):

I've added the following headers on forwarded messages:

  • X-AnonAddy-Original-From-Header
  • X-AnonAddy-Original-Reply-To-Header
<!-- gh-comment-id:1031355616 --> @willbrowningme commented on GitHub (Feb 7, 2022): I've added the following headers on forwarded messages: - `X-AnonAddy-Original-From-Header` - `X-AnonAddy-Original-Reply-To-Header`
kerem commented 2026-03-01 17:45:45 +03:00
Author
Owner
Copy link

@willbrowningme commented on GitHub (Nov 1, 2022):

The reason the From: header is munged and shown in that way is because if it is left untouched e.g.

From: "PayPal 'support@paypal.com'" paypal+support=paypal.com@bruceleerabbit.anonaddy.com

Then it is highly likely to be rejected as a suspected phishing attempt.

You can already change the setting on the settings page "Use Reply-To Header For Replying" which will set that address as the Reply-To: header instead.

I will be adding the option to change the format of the From: header shortly - https://github.com/anonaddy/anonaddy/discussions/370

<!-- gh-comment-id:1298357330 --> @willbrowningme commented on GitHub (Nov 1, 2022): The reason the `From:` header is munged and shown in that way is because if it is left untouched e.g. From: "PayPal 'support@paypal.com'" <paypal+support=paypal.com@bruceleerabbit.anonaddy.com> Then it is highly likely to be rejected as a suspected phishing attempt. You can already change the setting on the settings page "Use Reply-To Header For Replying" which will set that address as the `Reply-To:` header instead. I will be adding the option to change the format of the `From:` header shortly - https://github.com/anonaddy/anonaddy/discussions/370
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.5.0
v1.4.1
v1.4.0
v1.3.8
v1.3.7
v1.3.6
v1.3.5
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.0
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.14.1
v0.14.0
v0.13.13
v0.13.12
v0.13.11
v0.13.10
v0.13.9
v0.13.8
v0.13.7
v0.13.6
v0.13.5
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.2
v0.11.1
v0.11.0
v0.10.1
v0.10.0
v0.9.1
v0.9.0
v0.8.10
v0.8.9
v0.8.8
v0.8.7
v0.8.6
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.2
v0.6.1
v0.6.0
v0.5.0
v0.4.0
v0.3.0
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/anonaddy#213
No description provided.