mozilla should not send "Sender: "



MailNews Core
Networking: SMTP
17 years ago
9 years ago


(Reporter: epu, Unassigned)


Firefox Tracking Flags

(Not tracked)




17 years ago
Adding spyware to mozilla it's a bad idea.
I recommend you to cut it.

Sending "Sender:" in the message header don't help anyone
because you allow industrial espionage and your software becomes spyware
this is very seriously taken in many countries.

In any case,
Why sending "Sender:" if the windows version doesn't sent it.
Also the user can put in "Sender: " whatever he wants.

So this header doesn't do any work and allow industrial espionage
and spyware.

It would be a great idea if you cut this spyware.

--- mozilla/mailnews/compose/src/nsSmtpProtocol.cpp     Fri Jun 29 04:05:37 2001
+++ mozilla/mailnews/compose/src/nsSmtpProtocol.cpp     Fri Jul  6 17:23:06 2001
@@ -1071,44 +1071,8 @@
                 m_urlErrorState = NS_ERROR_BUT_DONT_SHOW_ALERT;
-#ifdef XP_UNIX
-       {
-         const char * FE_UsersRealMailAddress(void); /* definition */
-         const char *real_name;
-         char *s = 0;
-         PRBool suppress_sender_header = PR_FALSE;

-         PREF_GetBoolPref ("mail.suppress_sender_header",
-         if (!suppress_sender_header)
-           {
-             real_name =  FE_UsersRealMailAddress();
-             s = (real_name ? MSG_MakeFullAddress (NULL, real_name) : 0);
-             if (real_name && !s)
-               {
-                               m_urlErrorState = NS_ERROR_COULD_NOT_GET_UID;
-                               return(NS_ERROR_COULD_NOT_GET_UID);
-               }
-             if(real_name)
-               {
-                 char buffer[512];
-                 PR_snprintf(buffer, sizeof(buffer), "Sender: %.256s" CRLF,
-                 NS_MsgSACat(command, buffer);
-                 if(!command)
-                   {
-                     m_urlErrorState = NS_ERROR_OUT_OF_MEMORY;
-                     return(NS_ERROR_OUT_OF_MEMORY);
-                   }
-             status = (int) NET_BlockingWrite(CE_SOCK, command,
-             if(status < 0)
-               {
-               }
-        }
-           }
-       }
-#endif /* XP_UNIX */
-#endif /* UNREADY_CODE */
+       /* We don't send Sender: anymore as it's spyware */

Given that "Sender: " should be the authenticated email address of the sender,
I'm curious as to why we're creating it; it seems like the job of the MTA, not
the MUA.

Comment 2

17 years ago
Yes, sending "Sender: " it's a nonsense.
And many MTAs do this work by checking ident.
see bug 17319 for the implementation of the Sender: header....
Ever confirmed: true

Comment 4

17 years ago
I have read comments on bug 17319, but the author is missing something very
He thinks every user in the world has a Unix machine with a public IP and
a registered MX in the dns. But, many people use Linux with ppp and a modem.
In this case the email address doesn't math very often. And he could leak
the login and name of his machine that maybe he wouldn't like to say in
every email he sends. Even mozilla developers don't want to say from what
machine and login he wrote the email just that the email is from

Anyway, the user can have many email addresses.
The login and name of the machine don't have to match the email address.
Product: MailNews → Core


10 years ago
Assignee: mscott → nobody

Comment 5

9 years ago
The code mentioned in the initial description has been removed as part of the patch for bug 173634, thus this issue is no longer present and no "Sender:" header is included for any outgoing mail.

-> WFM (problem disappeared by means of other bugs)
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME


9 years ago
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.