To explain the difference between the "envelope from" and "message from" in the context of email, we can use the analogy of a traditional postal letter
When you send a traditional postal letter, there are two important pieces of information related to the sender: the return address on the envelope and the sender's address in the letter itself.
Postal Mail : Envelope From and Message from
Envelope From
This is like the return address on the outside of the envelope. It tells the postal service where to return the letter if it cannot be delivered.Here the return address/ From address is Ben Charles,California
Message From
There is a from name and address of the sender written inside the letter. It tells the recipient who sent the letter. Here the from address is “Tony Rock”,NewYork
Important Points
-
Notice the name of the sender on the actual letter is Tony Rock, which is different than what was specified on the envelope Ben Charles
-
If John did not look at the envelope, she would have thought the letter was sent by Tony Rock
Email : Envelope From and Message from
Envelope From
The "envelope from" is the email address used by the email server to route the message. It's also known as the SMTP envelope sender / return-path/Bounce address/Mail From. This is the address where bounce-back messages (notifications of failed delivery) are sent.
Message From
The "message from" is the email address displayed in the "From" field of the email header. This is the address that the recipient sees in their email client, indicating who the email is from.
Here you can see that email client is showing “Message” from and the Envelope from is hidden.
Sample SMTP Transaction
An SMTP transaction typically involves a series of commands exchanged between the client (the sender's email server) and the server (the recipient's email server). Here's a step-by-step example of an SMTP transaction with focus on the "MAIL FROM" and "RCPT TO" commands:
Here you can see the commands issued by the client and the responses from the server, described in “GREEN”
Here you can see that the "MAIL FROM" (MAIL FROM:<ben.charles@xyzinc.com>) is part of the SMTP transaction, whereas the "message from"tony.rock@zxinc.com is part of the actual email message.
Known cases where "envelope from" and "message from" are different
-
Mailing Lists: When emails are sent through a mailing list, the "envelope from" address often corresponds to the mailing list server , while the "message from" address is that of the original sender.
-
Forwarding Services: When an email is forwarded by a service, the "envelope from" might be the forwarding service, while the "message from" remains the original sender's address
-
Automated Emails: In automated or transactional emails, the "envelope from" is typically a no-reply or system address, while the "message from" might be a user-facing address for replies.
-
Third-Party Email Services: When using third-party services (e.g., CRM systems, marketing platforms) to send emails on behalf of a user, the "envelope from" could be the service's domain, while the "message from" is the user's address.
-
Email Aliases: Users can send emails using aliases, where the "envelope from" is the underlying actual email address, while the "message from" is the alias address.
-
Spoofing and Phishing: In malicious scenarios, attackers may deliberately set different "envelope from" and "message from" addresses to deceive recipients.
Why Envelope from address is generally considered more authentic
The "MAIL FROM" address is used during the SMTP handshake between mail servers. It is part of the actual transmission process, making it less susceptible to easy manipulation compared to the "message from" address.Changing the "message from" address using a script is relatively easy. This is because the "message from" address is part of the email headers, which can be freely manipulated by the sender before the email is sent
SPF checks are performed against the "MAIL FROM" address. An SPF record specifies which mail servers are allowed to send emails on behalf of a domain, helping to prevent spoofing and ensuring that the email is coming from an authorized server.