EmailDiscussions.com - View Single Post

David MacQuigg · 29 Nov 2006, 04:28 AM

I would like to get some opinions from folks who can read email headers, but are not necessarily email experts. The question is - in placing a new header, should we follow strict chronological sequence, or follow the common convention of always making the Received header lowest in the group of headers prepended by our Mail Transfer Agent (MTA). Here is an example from our current mailflow:

Received: from fence.pobox.com (fence.pobox.com [208.210.124.76]) by
wand.pobox.com (Postfix) with ESMTP id EDBE424BD for
<07422030@mailstore.pobox.com>; Thu, 16 Nov 2006 06:28:33 -0500 (EST)
Received: from fence.pobox.com (localhost [127.0.0.1]) by fence.pobox.com
(Postfix) with ESMTP id 716F2F0A8 for <07422030@mailstore.pobox.com>; Thu, 16
Nov 2006 06:28:27 -0500 (EST)
Delivered-To: xxx@pobox.com
Received: from fence (localhost [127.0.0.1]) by fence.pobox.com (Postfix)
with ESMTP id D99961161C for <xxx@pobox.com.07422030.000.icgmh>; Thu, 16
Nov 2006 06:27:33 -0500 (EST)
X-Pobox-Pass: SRS0=itbTd7ph=E4=pco-iraq.net=xxx@open-mail.org is
whitelisted
Received: from open-mail.org (open-mail.org [207.210.221.26]) by
fence.pobox.com (Postfix) with ESMTP id D913F116FE for <xxx@pobox.com>;
Thu, 16 Nov 2006 06:24:17 -0500 (EST)
X-SpamScore: -14.0
Received: from CANCER.pco-iraq.net (cancer.pco-iraq.net [64.191.210.175]) by
open-mail.org (8.13.1/8.13.1) with ESMTP id kAGBKtIf002229 for
<xxx@box67.com>; Thu, 16 Nov 2006 06:20:57 -0500
X-Authent: 64.191.210.175 pco-iraq.net PTR1 PASS ratings=(2,9,None) <=====
Received: from pavo.pco-iraq.net ([64.191.210.183]) by CANCER.pco-iraq.net
with Microsoft SMTPSVC(6.0.3790.1830); Thu, 16 Nov 2006 14:22:16 +0300
Received: from FORNAX.pco-iraq.net ([172.16.5.106]) by pavo.pco-iraq.net with
Microsoft SMTPSVC(6.0.3790.1830); Thu, 16 Nov 2006 14:20:52 +0300

The new header is marked with <=====. That and the two above it are our headers. The order of events is
1) We get a request for a mail session: HELO this is pco-iraq.net.
2) We authenticate the alleged sender 'pco-iraq.net' against the incoming IP address, and reject forgeries.
3) We prepend our new X-Authent header with the authentication results and the senders ratings.
4) We then receive the message headers and bodies, and prepend a Received header to mark that event.
5) If the sender is not whitelisted, the message goes to our spam filter, and we prepend the results with an X-SpamScore header.

The experts are telling me - no this is wrong. The header order should be:
X-SpamScore: -14.0
X-Authent: 64.191.210.175 pco-iraq.net PTR1 PASS ratings=(2,9,None) <=====
Received: from CANCER.pco-iraq.net (cancer.pco-iraq.net [64.191.210.175]) by
open-mail.org (8.13.1/8.13.1) with ESMTP id kAGBKtIf002229 for
<xxx@box67.com>; Thu, 16 Nov 2006 06:20:57 -0500

There is no RFC standard mandating this order. It appears we are free to chose any order we want as long as we keep them together in a block. So the experts appear to be favoring what seems more familiar - Received header always at the bottom.

My intent in placing the X-Authent header at the bottom was to follow a simple rule (strict chronology) that even non-experts will be able to follow - Everything above X-Authent is trusted. Everything below is not.

So the tradeoff appears to be simplicity for non-experts vs following a convention expected by experts.

One of my pet peeves is mail forwarders who re-order existing headers - a clear violation of standards with no apparent need (making the headers pretty, I guess)!

29 Nov 2006, 04:28 AM	#1
David MacQuigg Member Join Date: Aug 2006 Location: Tucson AZ Posts: 66 Representative of: Open-Mail.org	Header Order I would like to get some opinions from folks who can read email headers, but are not necessarily email experts. The question is - in placing a new header, should we follow strict chronological sequence, or follow the common convention of always making the Received header lowest in the group of headers prepended by our Mail Transfer Agent (MTA). Here is an example from our current mailflow: Received: from fence.pobox.com (fence.pobox.com [208.210.124.76]) by wand.pobox.com (Postfix) with ESMTP id EDBE424BD for <07422030@mailstore.pobox.com>; Thu, 16 Nov 2006 06:28:33 -0500 (EST) Received: from fence.pobox.com (localhost [127.0.0.1]) by fence.pobox.com (Postfix) with ESMTP id 716F2F0A8 for <07422030@mailstore.pobox.com>; Thu, 16 Nov 2006 06:28:27 -0500 (EST) Delivered-To: xxx@pobox.com Received: from fence (localhost [127.0.0.1]) by fence.pobox.com (Postfix) with ESMTP id D99961161C for <xxx@pobox.com.07422030.000.icgmh>; Thu, 16 Nov 2006 06:27:33 -0500 (EST) X-Pobox-Pass: SRS0=itbTd7ph=E4=pco-iraq.net=xxx@open-mail.org is whitelisted Received: from open-mail.org (open-mail.org [207.210.221.26]) by fence.pobox.com (Postfix) with ESMTP id D913F116FE for <xxx@pobox.com>; Thu, 16 Nov 2006 06:24:17 -0500 (EST) X-SpamScore: -14.0 Received: from CANCER.pco-iraq.net (cancer.pco-iraq.net [64.191.210.175]) by open-mail.org (8.13.1/8.13.1) with ESMTP id kAGBKtIf002229 for <xxx@box67.com>; Thu, 16 Nov 2006 06:20:57 -0500 X-Authent: 64.191.210.175 pco-iraq.net PTR1 PASS ratings=(2,9,None) <===== Received: from pavo.pco-iraq.net ([64.191.210.183]) by CANCER.pco-iraq.net with Microsoft SMTPSVC(6.0.3790.1830); Thu, 16 Nov 2006 14:22:16 +0300 Received: from FORNAX.pco-iraq.net ([172.16.5.106]) by pavo.pco-iraq.net with Microsoft SMTPSVC(6.0.3790.1830); Thu, 16 Nov 2006 14:20:52 +0300 The new header is marked with <=====. That and the two above it are our headers. The order of events is 1) We get a request for a mail session: HELO this is pco-iraq.net. 2) We authenticate the alleged sender 'pco-iraq.net' against the incoming IP address, and reject forgeries. 3) We prepend our new X-Authent header with the authentication results and the senders ratings. 4) We then receive the message headers and bodies, and prepend a Received header to mark that event. 5) If the sender is not whitelisted, the message goes to our spam filter, and we prepend the results with an X-SpamScore header. The experts are telling me - no this is wrong. The header order should be: X-SpamScore: -14.0 X-Authent: 64.191.210.175 pco-iraq.net PTR1 PASS ratings=(2,9,None) <===== Received: from CANCER.pco-iraq.net (cancer.pco-iraq.net [64.191.210.175]) by open-mail.org (8.13.1/8.13.1) with ESMTP id kAGBKtIf002229 for <xxx@box67.com>; Thu, 16 Nov 2006 06:20:57 -0500 There is no RFC standard mandating this order. It appears we are free to chose any order we want as long as we keep them together in a block. So the experts appear to be favoring what seems more familiar - Received header always at the bottom. My intent in placing the X-Authent header at the bottom was to follow a simple rule (strict chronology) that even non-experts will be able to follow - Everything above X-Authent is trusted. Everything below is not. So the tradeoff appears to be simplicity for non-experts vs following a convention expected by experts. One of my pet peeves is mail forwarders who re-order existing headers - a clear violation of standards with no apparent need (making the headers pretty, I guess)!