Ask HN: Why are most web services "spoofing" the From email header?

Y	Hacker News new \| ask \| show \| jobs

2 points by boronine 873 days ago

All examples below are "From" headers in emails sent from various web services to our corporate email. This makes it look like we are sending emails to ourselves.

Some examples:

    "'Amazon Web Services' via Redacted - Admin" <admin@redacted.com>
    'Mezmo, Inc.' via Redacted Inc. - Admin <admin@redacted.com>
    'service@intl.paypal.com' via Redacted - Admin <admin@redacted.com>
    noreply-spamdigest via Redacted - Support <support@redacted.com>
    'Shopify Partners' via Redacted Inc. - Admin <admin@redacted.com>

Some notable exceptions:

    Heroku Billing Team <team.notifications@herokumanager.com>
    Wise <info@wise.com>

Questions:

1. What could be the justification for this practice?

2. Does this practice have a name?

3. Is this not considered spoofing?

4. Reading plainly, "X via Y" implies that Y is facilitating something on behalf of X, is this the intended reading?

1 comments

sacrosanct 873 days ago

If the shop is doing DMARC[0] & DKIM[1] this is a non-issue

[0] https://en.m.wikipedia.org/wiki/DMARC

[1] https://en.m.wikipedia.org/wiki/DomainKeys_Identified_Mail

link

boronine 873 days ago

That DMARC link talks about "From: rewriting" with a similar example using "via". I suppose this addresses the "spoofing" part of my question, thanks! I would still like to know more about this practice in transactional emails.

link