Email envelope headers (was Re: Please help me get out for my holiday break)
On Sat, Jul 26, 2025 at 08:02:58 -0400, rhkramer@gmail.com wrote:
> (I'm not the OP) Oh, that's interesting -- I've always had trouble with the
> term "Envelope" address, and looking at the headers in the email I'm replying
> to, I see that the first header is "Delivered-To:" <my email address> and there
> is no header labeled "Envelope"<anything>.
>
> I'm guessing / assuming that is what's known as the envelope address,
Yes, that header is added during the final delivery, by whatever Mail
Transport Agent you're using, and they don't all do it the same way.
Qmail and Postfix use "Delivered-To:", and presumably yours does as well.
> and then one of:
> (1) It got quoted wrong,
> (2) different email clients label the headers differently (I wouldn't think
> so, I assume those headers are in the email itself, not added by an email
> client), or
> (3) there is a header not displayed by my email client (an older version of
> Kmail) (also unlikely, I think).
They are added by the MTA or delivery agent that does the final delivery,
or not added at all if your MTA doesn't choose to add them.
> But, in any case, I now think I understand "envelope address" (or will, soon).
When the mail is *sent*, the Mail User Agent (or "email client")
generates a message, which consists of a set of headers ("From:", "To:"
and so on), followed by a blank line, followed by the body. It tells the
Mail Transfer Agent "Here's a message to be delievered to the following
addresses." Those addresses are not necessarily the same as what's
shown in the headers. They are the "envelope recipient addresses".
(A "Bcc" or "blind carbon copy" is done by omitting one or more envelope
recipients from the headers, so people receiving the message may not
know all of the other recipients.)
The MTA which gets this message from the MUA, assuming it permits this
message to be sent in the first place, will add a "Received:" header
to the top of the header section, and will figure out where to send
it, based on the envelope recipient(s). When it sends the message,
it tells the second MTA "Here's a message from such-and-such, to
the following recipients." That "such-and-such" which is passed along
from the first MTA to the second MTA is the "envelope sender address",
which may or may not be the same as what's in the "From:" header.
The receiving MTA may use that information to decide whether the
message is spam. It may also use the From: header, if it allows the
message to be transmitted at all. It may compare the two. It may
roll dice. You never know.
(Originally, the envelope sender address was used to send error reports
back to the sender, in case the message couldn't be delivered. But since
the envelope sender address is *not* reliable, its use for "bounce"
errors has become a vector for back-scatter spam, and is no longer
considered a best practice.)
At this point, assuming the second MTA accepts the message, it adds
another "Received:" header to the top of the message, and then puts
the message in a queue for either local delivery, or another remote
delivery. If there's another remote delivery hop, then we keep
following the chain of MTAs, each one being told the envelope sender,
the envelope recipients, and the ever-growing message itself, with
each MTA adding another "Received:" header to the top of it.
Once the message is queued for local delivery, the local delivery
agent (which may be part of the MTA or a separate program) may add the
envelope addresses (sender and recipient) to the message during delivery,
or it may not.
The addition of "Delivered-To:" and other envelope headers was a new
feature in some MTAs developed in the 1990s, when the Internet was just
starting to experience spam and other malicious actions. Email was
starting to become polluted. Some additional tracking measures were
needed, so MTAs and delivery agents started to be a little more verbose.
The "Delivered-To:" header was also added specifically to prevent
mail loops, according to <https://cr.yp.to/qmail.html>. From what
I understand, this is because a local delivery may not be the *final*
delivery. A user may set up a ~/.forward or equivalent file which
directs locally delivered messages to another address, or set of
addresses.
So, imagine that user joe at A.com has a .forward file which sends
messages to user jane at B.com, and jane has a .forward file which
sends messages to joe at A.com. A message delivered to either of
these users would keep hopping back and forth forever.
That's where the Delivered-To: header comes in. When the delivery
agent at A.com delivers the message to joe, it stamps it with a
"Delivered-To: joe@a.com" header. This happens before it's
forwarded to jane@b.com. If jane's MTA sends it back to A.com, then
another message will be delivered to joe, but this one already has
that "Delivered-To: joe@a.com" header in it. The delivery agent
will see that, detect a mail loop, and discard the message. (I'm
not sure whether a bounce error message is generated in this case.)
Reply to: