Implement correct send-as-user behavior.
Open, Normal, Public


It looks like phabricator doesn't make use of "Sender" in phpmailerlite when sending mails as a different user - this leads to the problems described in send-as-user. Setting "Sender" (and thus the MAIL FROM field) to a single known entity while still setting "From" to the user should fix those problems.

klimek added a subscriber: klimek. Oct 1 2012, 11:35 AM
epriestley triaged this task as "Normal" priority. Oct 1 2012, 1:39 PM

This is worth pursuing since it could reduce configuration complexity and allow us to pick better defaults, but requires some finesse to implement and test; SendGrid does not allow us to specify a separate Sender and SES may or may not.

I also worry we may run into deliverability issues:

The vast majority of SPF implementations today use the return-path as the subject of authentication and do not get involved with the header "From:".

Does "vast majority" mean "99.99999%" or "98%"?

This (random internet answer) suggests the opposite, although there's little reason to believe it is accurate since it doesn't discuss Return-Path:

Most mail servers with SPF checking will be checking just the From: header, they won't care about the Sender header.

My guess is that we won't hit deliverability issues, but it's really hard to verify and debug if 1-2% of mail fails to arrive.

The short term approach to this might be to add more configuration, e.g. a flag which sets Sender to a well-known address if possible for the adapter. Then you could run with that and see if you hit issues.

jsonn added a comment. Oct 1 2012, 2:30 PM

Any SPF implementation that uses the "From:" header and not the envelope will already fail in a number of typical use cases:

  • BCC
  • mailing lists

Especially the second is common enough that people do care if it gets broken. As such I don't think there are likely to be any issues.
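The fix proposed in the task description and the envelope-versus-header SPF argument in the two comments above, as an added example that is not Phabricator's, PHPMailer's or any commenter's code: it builds a message with the acting user in "From:" and one fixed address in "Sender:", derives the envelope sender (MAIL FROM / Return-Path) the way Python's smtplib.send_message does (Sender if present, otherwise From), and runs a minimal SPF-style check under both choices of authenticated identity. The domains, the policy table and the relay IP are constructed.

```python
# Added example (not Phabricator's or PHPMailer's code). Domains, networks and
# the relay address are constructed purely for illustration.
import ipaddress
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed SPF-like policy: domain -> networks authorised to send for it.
# Only the relay's own domain authorises the relay's address.
SPF_POLICY = {
    "phabricator.example": [ipaddress.ip_network("192.0.2.0/24")],
    "users.example": [ipaddress.ip_network("198.51.100.0/24")],
}
RELAY_IP = ipaddress.ip_address("192.0.2.25")  # the Phabricator host (constructed)


def build_message(user_addr, known_sender=None):
    """Header From is always the user; Sender is set only when a fixed address is given."""
    msg = EmailMessage()
    msg["From"] = user_addr
    if known_sender:
        msg["Sender"] = known_sender  # becomes the envelope sender / Return-Path
    msg["To"] = "dev@users.example"
    msg["Subject"] = "[Differential] D1 updated"
    msg.set_content("constructed body")
    return msg


def envelope_sender(msg):
    """Same rule smtplib.send_message applies: Sender if present, otherwise From."""
    return parseaddr(msg["Sender"] or msg["From"])[1]


def spf_result(identity_addr, client_ip):
    """'pass' if client_ip is authorised for the identity's domain, else 'fail'."""
    domain = identity_addr.rsplit("@", 1)[1].lower()
    return "pass" if any(client_ip in n for n in SPF_POLICY.get(domain, [])) else "fail"


def check_both_identities(msg, client_ip=RELAY_IP):
    """SPF outcome when the receiver authenticates the envelope vs the header From."""
    return {
        "envelope": spf_result(envelope_sender(msg), client_ip),
        "header_from": spf_result(parseaddr(msg["From"])[1], client_ip),
    }


if __name__ == "__main__":
    fixed = build_message("Alice <alice@users.example>", "noreply@phabricator.example")
    print(check_both_identities(fixed))  # {'envelope': 'pass', 'header_from': 'fail'}
    plain = build_message("Alice <alice@users.example>")  # the current send-as-user case
    print(check_both_identities(plain))  # {'envelope': 'fail', 'header_from': 'fail'}
```

With Sender set, a receiver that authenticates the return-path passes the mail from the relay; without it the user's domain is the envelope identity and the relay is not authorised for it.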

jsonn added a subscriber: jsonn. Oct 1 2012, 2:30 PM
klimek added a comment. Jul 1 2015, 7:56 AM

T8724 has an implementation idea on how to fix this. Would there be interest in a full patch?

This is a very low priority for the upstream.

eadler added a project: Restricted Project. Jan 9 2016, 12:39 AM
eadler moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
eadler moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board. Jul 4 2016, 9:09 PM
eadler moved this task from Backlog to Nits on the llvm board.

Note that there is a Sender-related RCE in PHPMailer until Dec 2016, see T12046 for discussion.