Torsten Curdt’s weblog

Gmail Sender header

Is it just me who thinks that Gmail’s “Sender” header stinks? It contains your Gmail address even when you choose a different sender in the web interface. All it changes is the “From” header which gives a problem with many mailing list systems. Over at Apache you have to send a request to


so mails don’t have to get moderated every time you post. You may argue Gmail does the right thing and the mailing list systems/setups should be fixed. But that is probably to discuss and also sounds like fighting against windmills.

  • What is the best solution!?!?

    We have Google Voice accounts... and we, stupidly, connected them to Gmail accounts with names we would rather NOT use... (rather NOT be known as....).

    However, we LOVE the idea of integrating all our Contacts with Gmail AND Google Voice...

    (If we had it to do over again... I would have created a brand new gmail address for the Google Voice account... a generic one. For example, for a Google Voice number, 313-453-3011... I would have created a new Gmail account called 3134533011@gmail.com ....If only I had know this would be a problem.)

    And NOW.... Once the Google Voice (& associated phone number) is connected to a Gmail account... it's "PERMANENT"... OY MAMA!!!! IF only I had known!!!

    I want to remain logged in to use Google Voice, Gmail, Google Calendar, and Google Docs.... all day long... I don't want to have to log out, and log back in... EVERY SINGLE TIME I CHECK FOR NEW VOICEMAIL and SMS MESSAGES.... Geez.
  • Grrr
    "then Google has no choice but to add the Sender header"

    Choice 1: Save password information and log into the other email address's account to send it from the correct server, like a normal desktop email client.
    Choice 2: Use a dummy Sender address like "forwarded-mail@gmail.com" to protect the user's privacy.
  • Grrr
    This really irritates me, and they don't seem to see any reason why this should be changed, even though it's a violation of privacy for a lot of users who are completely unaware of the consequences.

    When you're logged into Gmail address A, and sending from Gmail address B, why aren't the headers identical to being signed into Gmail address B? I log out and log back in to send from different addresses to avoid this.
  • Well, I yet have to find a proper alternative. And grown-up as you call it is not a feature but a requirement.
  • Welcome to the email system which it's aim it is to make you 70% happy. They do not give much about opinions (they say thank you every time tough).

    Feel free to switch if you don't like it as there are plenty alternative around. All-tough not many are yet grown-up.
  • @Andy: if I can receive email at that address (and this was verified) it should be totally OK to relay the mail. At least in theory.
  • steve
    I get around the gmail "sender" header issue with eudora that lets me send using any domain I want and does not use a "sender" header. I also do this on a domain I run with SPF. all kosher. long live eudora POP3 on gmail
  • Andy Beverley
    I don't think setting it will make any difference. It's just that Google have to assume that you do have one, and therefore set the Sender header. Regardless of the SPF record though, Google still need to set a Sender header to sign email with DKIM, which gives your email some authenticity.

    The whole issue really boils down to the need to get away from the luxury of being able to forge email addresses, which is essentially what Google has to do to set your from address. I think if email was designed today with spammers in mind, then it would be a lot more difficult to "send email on behalf of".
  • Well, my vafer.org domain has no SPF record still there is the problem. Question is whether setting it would solve the problem.
  • Andy
    Royce is absolutely correct. If the domain of the email address that you want your email to appear to come from has an SPF record (very likely these days), then Google has no choice but to add the Sender header, otherwise your email is likely to be discarded as spam. This is because any receiving email server will say "well this email claims it is from joebloggs.com, but I know that the server I received it from should not be sending emails from joebloggs.com, so I'll ditch it".

    Ultimately this is one of the many problems that spammers have left us with I'm afraid. Google is doing the right thing to ensure your mail is delivered properly. The header also allows Google to sign your messages with DKIM, reducing further the chance of them being classed as spam.
  • If the non-Google domain that you're using in Gmail has a published SPF record that doesn't include Google in its list of authorized sending IP space, perhaps this provides for a workaround?
  • FUcck the feature
    It contains your Gmail address even when you choose a different sender in the web interface.
    This really made me sick!

    If the mail receiver is enough wiser,she/he can still manage to view my actually gmail account.
    For example,my account is actually fuuckgoogle@gmail.com,I set the "reply to" and "from" address to plz-reply-here@hotmail.com.However the address plz-reply-here@hotmail.com will have been seen at the "full content of email".
    This realy made me sick.

    Get fuuuck off gmail.Back to yahoo.
  • Add me to the list of frustrated gmail users. I'd hoped to consolidate multiple accounts under one google apps account, but I'm now getting confused reports from Outlook-using friends and colleagues ("on behalf of ...??!"), and huge problems subscribing and sending to mailing lists.

    Come on Google, please fix this!
  • Eric
    I am sick and tired of my email recipients asking me if I changed my email address. And for all the reasons mentioned by users above, there is NO reason GMail couldn't use the FROM address in the SENDER field.
  • Jeff MAURY
    Also occurs with codehaus mailing lists (Xircles bases)
  • Tom
    Checking mail sent from gmail to my smtp server I see the smtp envelope MAIL FROM address matches the From header which is good, but including the Sender header is bad for all the reasons given.
  • Oliver
    This has caused mountains of problems for me. I use gmail to run my disposable accounts, and this one stupid line has (a) exposed my direct address to people I don't want to have it, and (b) some people have started using it when I really need them to use THE ADDRESS I SET TO GOOGLE'S DEFAULT.

    This must be fixed.
  • KAO
    This problem is still an issue, tried for ages to unsubscribe from a darn ezmlm list just now, but had to find old webmails and everything, sheesh. Petitiononline anyone?
  • dpk
    This is definitely a problem with gmail, but I think it's also a problem with Apache's mailing list configuration. I've never had this problem on any other mailing list before.

    I'm having to do the SMTP transactions by hand to unsubscribe from the damned list.
  • Erik
    If it hadn't been for all the other cool features in gmail I would have left it a long time ago. I have been using the "from" feature for both private and business emails and I have become to realize it is basically useless because I often receive replies to my gmail address. The receivers of my emails are often confused because they do not know how to interpret the "..on behalf of.." (they are no techie guys). My guess is that Google's relunctance to find a solution to this annoyance is that it is part of the future business model for gmail.
  • Cho R. Lame
    Sorry Travis, you need to re-read RFC 822. Web apps that generate email are not the same as web-based interactive email systems. Section 4.4.2 describes the Sender header:

    This field contains the authenticated identity of the AGENT
    (person, system or process) that sends the message. It is intended for use when the sender is not the author of the message, or to indicate who among a group of authors actually sent the message.

    There's no reason the "authenticated identity" in the gmail case can't be the same as the From address. Gmail authenticates the From address by sending an email to it with a confirmation code.
  • Brad Clarke
    That's fine but the given sender address does not have to be the same address you send the message from. Due to the nature of POP and SMTP being different protocols the address you can receive messages at really has nothing to do with how you are sending them.
  • Travis
    "Sender:" is a required field under these circumstances, per RFC 822.

    I was writing a web app that generated an email last year, which didn't include a "Sender:" header in its output (I didn't know about it back then). Unfortunately that omission resulted in a very long and very tedious email discussion on the subject with our resident old-school Unix-heads.
  • Brad Clarke
    This goes beyond annoying. I've been using gmail for 2 days now and this single problem makes the whole thing unusable for me. Hate to do it but I've got no choice but to go back to Yahoo Plus :(
  • This bugs the crap out of me too! I switched all by email addresses over to gmail thinking it would be the perfect solution, loved the way it works. But this problem stinks!!

    Come on Google, surly it cant be that tough!

  • Count me in as "annoyed".
  • It's not just you ;) I'm annoyed by this too, and I could swear I blogged about last year when I switched to GMail, but I can't find the link...
  • Joshua Slive
    Just to be really accurate, it is not the Sender header that causes this problem for ezmlm, it is the envelope-sender sent as part of the smtp transaction. Gmail sets this to the same as the Sender header. (On the other hand, the "On behalf of" thing that Outlook does that annoys so many gmail users *is* caused by the Sender header.)

    My guess is that gmail does this in order to deal with spf/domainkeys-type anti-spam systems. But I agree it is pretty annoying.
blog comments powered by Disqus