Difference between the "From" and "Sender" header in an email


At a glance, the From and Sender headers in an email appear identical. However, there is a subtle difference that can play an essential role in some instances. This article explores that difference and discusses the instances when the two headers should differ.

Definitions

According to the RFC, the From header specifies the author's name and address. The Sender header, on the other hand, specifies the mailbox of the agent responsible for the actual transmission. A Sender header is not required and is therefore often missing, because in most cases the two are identical and there is no need for it.

When is Sender Different?

Consider the following scenario as an example:

  • An employee, Jane Doe (jane.doe@yourcompany.com), wants to forward incoming emails to her jane.doe@gmail.com address
  • To accomplish this goal, the administrator creates a server-side rule so that every message to Jane Doe is automatically forwarded to her Gmail address
  • Assume an email arrives with the following headers:
    From: "John Doe" <john.doe@hotmail.com>
    To: "Jane Doe" <jane.doe@yourcompany.com>
    Subject: Meeting agenda
  • Notice the From header belongs to a hotmail.com account.
  • Forwarding this message as-is would be considered a forgery by the receiving server (@gmail.com) because your email server is not authorized to originate an email from @hotmail.com.
  • To fix the forgery problem, the email system needs to change the email header to the following value:
    From: "John Doe" <john.doe@hotmail.com>
    Sender: jane.doe@yourcompany.com
    To: "Jane Doe" <jane.doe@yourcompany.com>
    Subject: Meeting agenda
  • Using a different value in the Sender field will also alter the SMTP envelope during message delivery. The snippet below shows the values specified in the SMTP envelope.
    C --> HELO mail.yourcompany.com
    S <-- 250 OK
    C --> MAIL FROM: <jane.doe@yourcompany.com>
    S <-- 250 OK
    C --> RCPT TO: <jane.doe@gmail.com>
    S <-- 250 OK
    C --> DATA
    S <-- 354 OK
    A modified value in the Sender header modifies the MAIL FROM value in the SMTP envelope. As a result, the receiving server performs its SPF lookup against yourcompany.com instead of hotmail.com, which solves the forgery problem.

How is Sender used in Xeams

Xeams automatically adds the Sender header to any incoming email when expanding a distribution list. A distribution list in Xeams can be expanded either to a single address, as in the Jane Doe example above, or to multiple recipients. Consider the following scenario as an example:

  • You create a distribution list with the following values:
    football-team@yourcompany.com expands to jack@yourcompany.com, bill@yahoo.com, bob@somewhere.com
  • An email comes in from manager@fb-league.com. This message needs to be forwarded to yahoo.com and somewhere.com in a way that is not considered a forgery. Therefore, Xeams will automatically add a Sender header to fix the problem, which will also modify the MAIL FROM in the envelope.
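
The list expansion described above and the single-address forwarding case earlier can be sketched as follows. This is an added example, not Xeams code: the `LISTS` table, the function names, the sample message and the choice of the list address as the Sender value are assumptions made for illustration.

```python
from email import message_from_string, policy

# Constructed sample message, modelled on the article's football-team scenario.
INCOMING = (
    'From: "Manager" <manager@fb-league.com>\r\n'
    "To: football-team@yourcompany.com\r\n"
    "Subject: Match schedule\r\n"
    "\r\n"
    "Kick-off is at 10am.\r\n"
)

# Hypothetical list table for this sketch; not how Xeams stores its lists.
LISTS = {
    "football-team@yourcompany.com": [
        "jack@yourcompany.com", "bill@yahoo.com", "bob@somewhere.com",
    ],
}

def expand_and_forward(raw, orig_mail_from, rcpt):
    """Return (mail_from, rcpt_to, message) for one accepted recipient."""
    msg = message_from_string(raw, policy=policy.SMTP)
    members = LISTS.get(rcpt.lower())
    if members is None:
        # Not a list: nothing is re-originated, so envelope and headers stay.
        return orig_mail_from, [rcpt], msg
    # Only one Sender header is allowed, so drop any copy that came in.
    del msg["Sender"]
    # Assumption: the list address is used as Sender, as jane.doe@yourcompany.com
    # is in the article's single-address case. From is never touched.
    msg["Sender"] = rcpt
    return rcpt, list(members), msg

def spf_domain(mail_from):
    """Domain the receiving server checks with SPF: that of the envelope MAIL FROM."""
    return mail_from.rsplit("@", 1)[1].lower()

def smtp_envelope(mail_from, rcpt_to):
    """Envelope commands the forwarding server sends, in order."""
    return [f"MAIL FROM:<{mail_from}>", *(f"RCPT TO:<{r}>" for r in rcpt_to), "DATA"]

if __name__ == "__main__":
    mail_from, rcpt_to, msg = expand_and_forward(
        INCOMING, "manager@fb-league.com", "football-team@yourcompany.com")
    print("\n".join(smtp_envelope(mail_from, rcpt_to)))
    print("SPF is evaluated for:", spf_domain(mail_from))
    print("From:", msg["From"], "| Sender:", msg["Sender"])
```

The author's address stays in From for the recipient to see, while the SPF lookup at yahoo.com and somewhere.com is made against the domain of the rewritten MAIL FROM.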