1784050 - MDN return receipts are not sent from actual recipient identity but from default identity (privacy invasion)

Status: NEW

(Thunderbird :: General, defect)

Description

[wp_schwarz_softws]

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0

Steps to reproduce:

I have several Email accounts managed in my Thunderbird client and I am extensively using alias addresses for them. I send out a message from one of my accounts (account1@...) to another (account2@...) using an alias address (alias2@...) as receiver and request a receipt. Now sending the receipt from account2@...

Actual results:

When I look into the receipt of account2@... back to account1@... I see account2@... as sender of the receipt instead of alias2@...

Expected results:

Using alias addresses as sender I want to keep my actual account secret. But sending a receipt of an email received at an alias address discloses the real account behind the alias which I do not want.
Also it would be nice if I send an answer to an email on an alias that the alias address appears automatically as new sender instead of the real account.

Comment 1

[chrizilla]

Can reproduce in TB 115.6.1 @ win10-64bit.

Using alias addresses as sender I want to keep my actual account secret. But sending a receipt of an email received at an alias address discloses the real account behind the alias which I do not want.

This is a major privacy problem.
It comes as a shock to me, that apparently for years I have acknowledged MDNs sent to my work address by my private address.
I only discovered this by accidentally acknowledging a MDN requested by my own message (due to bug 1244023).
I suspect that this is a very underreported problem as normally users don't send MDNs to themselves.

It's also confusing for the sender, who receives Thunderbird's MDN stating
This is a Return Receipt for the mail that you sent to __________ .
But the sender never sent a mail to this address.