What's the difference between the Envelope From and Sender From in an email?

jimlowrey's picture

Basically Envelope From is used are part of the protocol and Send From is part of the data. Read on for an explanation.

The SMTP protocol requires that you declare

mail from:<from@jlowrey.com>
rcpt to:<jimlowrey@gmail.com>

during the protocol transaction.

In other words when one mail server is talking to another, the one sending the mail states the 'mail from' and 'rcpt to'. This is wholely independent of the content, specifically the content headers 'From' and 'To'. From what I can tell this is strictly who sent the mail and where should it go.

In gmail these values show up as,

Return-Path: <from@jlowrey.com>
Delivered-To: jimlowrey@gmail.com

in the email source headers.

Here's an example using a direct telnet to port 25 on one of my servers.

Note the part with the bright dots is all I typed. The rest is responses from the email server on that machine. Try it.

Here's what the email looks like in gmail.

Hmmm... that looks strange. (no subject)? to undisclosed recipients? What's up with that? Oh, yea, that's cause we didn't specify any email headers. All we told gmail was related the conversation between servers, the protocol. We said nothing of the email headers, To:, From:, Subject: and so on. So Gmail assumed From: was the same as the protocol from and punted on the rest. Here's a more normal looking email

Note the Subject, From, and To look more familiar. This was sent from my Gmail account back to itself so of course it put in the proper headers.

OK... so now what? What about the Sender From? Sender From or just From, Subject, To and the rest are specified in the actual data that is sent. The part that is typed in after the "data" command in the telnet session. They are not part of the SMTP protocol. Think of raising your hand at an auction vs what you say once you have the floor. Envelope From is part of raising your hand. Sender From and, Subject, and To and so are part of what you say.

Really? What fun can we have with that?

We send completely different headers. Look, Gmail is cool with it. Not sure what's up with the cheese and monkeys but take a look at the Gmail display of this email.

So the email client, Gmail in this case, displayed the "data" headers as we asked. Even though the From and To are completely wrong. Forged email anyone? My guess is that many servers wouldn't take this email but me and google, you know, we're like, tight and stuff. Err.. I think Gmail is a bit more permissive as they have other means to limit spam.

To round this out let's take a look at the email source for our respective emails.
The first email,

The first two highlights show artifacts from the protocol. The part in the auction where a hand was raised.

Return-Path: <from@jlowrey.com>
Delivered-To: jimlowrey@gmail.com

correspond to
mail from:<from@jlowrey.com>
rcpt to:<jimlowrey@gmail.com>

How about that. Now let's look at our email with a Sender From ( and To and Subject ).

Take special note of,

From: bigcheese@biggercheese.com
To: onefatmonkey@morecheese.com
Subject: These headers are totally bogus!

These were part of the actual email and not the protocol, handshaking, getting to talk at an auction, or whatever you want to call it.

Thus, hopefully, we see that Sender From is part of the email that you want the user to see and the Envelope From is part of what the mail servers use to talk to each other.