Ask HN: Why are most web services "spoofing" the From email header?

2 points by boronine 2 years ago · 2 comments · 1 min read

Reader

All examples below are "From" headers in emails sent from various web services to our corporate email. This makes it look like we are sending emails to ourselves.

Some examples:

    "'Amazon Web Services' via Redacted - Admin" <admin@redacted.com>
    'Mezmo, Inc.' via Redacted Inc. - Admin <admin@redacted.com>
    'service@intl.paypal.com' via Redacted - Admin <admin@redacted.com>
    noreply-spamdigest via Redacted - Support <support@redacted.com>
    'Shopify Partners' via Redacted Inc. - Admin <admin@redacted.com>

Some notable exceptions:

    Heroku Billing Team <team.notifications@herokumanager.com>
    Wise <info@wise.com>

Questions:

1. What could be the justification for this practice?

2. Does this practice have a name?

3. Is this not considered spoofing?

4. Reading plainly, "X via Y" implies that Y is facilitating something on behalf of X, is this the intended reading?

sacrosanct 2 years ago

If the shop is doing DMARC[0] & DKIM[1] this is a non-issue

[0] https://en.m.wikipedia.org/wiki/DMARC

[1] https://en.m.wikipedia.org/wiki/DomainKeys_Identified_Mail

boronineOP 2 years ago

That DMARC link talks about "From: rewriting" with a similar example using "via". I suppose this addresses the "spoofing" part of my question, thanks! I would still like to know more about this practice in transactional emails.

Settings

Ask HN: Why are most web services "spoofing" the From email header?

Keyboard Shortcuts