Recently I had a client come to me that wanted assistance with their deliverability. They are in the business of sending online greeting cards, and wanted to be able to ”spoof” or change the ”from” line in their emails to be the actual email address of the person sending the card. So, for example, if a person who uses the email address email@example.com, that email address would actually show as the ”sender” – rather than the sending address of the greeting card company.
While there are plenty of companies out there that either do this currently or would like to do so with their mailing, what they don’t realize is using this technique could potentially break any authentication methods they have implemented.
How this breaks authentication:
Consider the following example: A news agency that uses the IP address 184.108.40.206 to send their email offers a ”forward to a friend” option. I have an email address at an ISP, and use my email account there to forward an article I read. Although the news agency was the actual sender of the message I forwarded, they don’t own nor control the ISP email domain, and thus cannot authenticate their sending IP address 220.127.116.11, as a valid sending IP from my ISP.
So, as a sender, how do you get around this issue when you want to use this type of implementation – where you don’t want to use your domain in the ”from” line? The solution: use a ”sender” header.
What is a sender header and how does it work?
When an ISP verifies sender authentication, they check both the domain found in the ”from” line as well as the ”return path”. They also look for any additional headers to identify the sender, and if found, this overrides any other sender domain information. The syntax of this header is also quite simple:
And this is how it would look in context:[headers] Date: Thu, 31 Jan 2008 17:16:47 -0700
To: John Doe
From: Jane Doe
Some email clients, notably Microsoft Outlook, will modify the ”from” line to show the sender header information on behalf of the email address in the ”from” line. To use the data from the above example, the ”from” line would show:
firstname.lastname@example.org on behalf of email@example.com
Hopefully this has provided some insight into some additional ways that you can be creative in your email sending practices, but still follow best practices.
Until next time,
Drink Responsibly, Drive Responsibly, Email Responsibly
Director of Deliverability