Old 20 Aug 2023, 09:12 PM   #1
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,745
"Send a copy" uses username

In the message view screen, in the "Actions" menu, one of the actions is "Send a copy".
It is used to send an exact copy of the message. To the recipient of the message sent by this method the received message would look much like a message sent to them using Bcc (that is: they would not be listed in the list of recipients in the message headers).
I think that in the past this method used the default personality as the envelope-from address, but it seems that now it is using the username (that is the email address that one uses to login to Fastmail).

Today I tried to send a copy of a message I sent to a student to a colleague of mine (that is supposed to replace me in some task so I bcc some of my correspondence to her Gmail address so that she can see what's happening, only this time I forgot to Bcc the message when sending, so I tried to send the copy later). Gmail bounced this copy. The domain's DNS is set to Fastmail's default setting.

These are the headers on the bounced message:
Code:
Return-Path: <MyUsername@oneOfMyDomainsThatIUseOnlyForLogin>
Received: from mailredirect.nyi.internal (imap43.nyi.internal [10.202.2.93])
	by mailforward.nyi.internal (Postfix) with ESMTP id 0EFEA19403C3
	for <Colleague'sAddress@gmail.com>; Sun, 20 Aug 2023 06:07:05 -0400 (EDT)
Received: by mailredirect.nyi.internal (Postfix, from userid 501)
	id 0DAA52D40091; Sun, 20 Aug 2023 06:07:05 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
X-Resent-Provider: messagingengine.com
Resent-Date: Sun, 20 Aug 2023 06:07:05 -0400
Resent-From: MyUsername@oneOfMyDomainsThatIUseOnlyForLogin
X-ME-Resender: <xms:yeXhZOqVeKoCB1ZgJ9TT59SZGYz3WkA1tmsJBgzMpcsags5WZ57A0Q>
    <xme:yeXhZHfkTudOeBUUiaf0-7Rv81hm5G2mxUlGDtMOeKjuakw1i_IKBg>
User-Agent: Cyrus-JMAP/3.9.0-alpha0-624-g7714e4406d-fm-20230801.001-g7714e440
Mime-Version: 1.0
X-PersonalityId: 130180
Message-Id: <7a91c2df-9431-45d7-b381-169dcc1c6618@betaapp.fastmail.com>
In-Reply-To: 
 <CA+V-DS8SU7L==DO=x_sXokv=_nPnXmgJnqhdPS-ztBky-cz4ag@mail.gmail.com>
References: 
 <CA+V-DS8SU7L==DO=x_sXokv=_nPnXmgJnqhdPS-ztBky-cz4ag@mail.gmail.com>
Date: Sun, 20 Aug 2023 13:04:27 +0300
From: "Myself" <Me@OneOfMyDomains>
To: "Student's name" <Student'sAdress@gmail.com>
Subject: =?UTF-8?Q?Re:_=D7=9E=D7=93"=D7=A8_1_=D7=A9=D7=90=D7=9C=D7=94_=D7=9E=D7=9E?=
 =?UTF-8?Q?=D7=9F_14?=
Content-Type: multipart/alternative;
 boundary=5bbe7b2315d943e4abc9f433a766cc16
Resent-Message-Id: <20230820100705.0DAA52D40091@mailredirect.nyi.internal>

This is Gmail's bounce message:
Code:
<Colleague'sAddress@gmail.com>: host gmail-smtp-in.l.google.com[142.250.27.27] said:
    550-5.7.26 This mail is unauthenticated, which poses a security risk to the
    550-5.7.26 sender and Gmail users, and has been blocked. The sender must
    550-5.7.26 authenticate with at least one of SPF or DKIM. For this message,
    550-5.7.26 DKIM checks did not pass and SPF check for [oneOfMyDomainsThatIUseOnlyForLogin]
    did 550-5.7.26 not pass with ip: [66.111.4.239]. The sender should visit
    550-5.7.26  https://support.google.com/mail/answer/81126#authentication for
    550 5.7.26 instructions on setting up authentication.
    d11-20020aa7d68b000000b0052542edc0afsi4070505edr.256 - gsmtp (in reply to
    end of DATA command)

One thing that is probably a bit broken is that FastMail doesn't add authentication info to the sent copy (perhaps resigning the message with DKIM?)

Also it makes me a bit sad to discover that this method now reveals to the recipient (or at least to gmail's servers that rejected the mail in this case) the username that I use only to login and never to identify myself to anyone but Fastmail.
I wonder if the default identity does exist somewhere under a new name. The new system where everything is called an "email address" confuses me. The X-Personality-Id header in the email suggests that the personalities mechanism still exists under the hood.

Old 21 Aug 2023, 02:12 AM   #2
somdcomputerguy
Cornerstone of the Community
 
Join Date: Jun 2004
Location: Rupert, WV
Posts: 863
I was intrigued so I just had to try this out. The email address that I use to login is used for that purpose only, same as you hadaso. I don't even know exactly what that address is, I leave that up to my password manager.. I was, upset, that that email address was in several headers. At least it wasn't in the From: header. If so I would be much more upset..

- Bruce

Last edited by somdcomputerguy : 21 Aug 2023 at 07:14 AM.
Old 21 Aug 2023, 07:04 AM   #3
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,745
Quote:
Originally Posted by somdcomputerguy View Post
... At least it wasn't in the From: header. ...
It cannot be in the From header when "Send a Copy" is used, since it is exactly the message being resent, with only some routing headers related to the resending added on the top. The username is always somewhere in the routing headers in incoming email, because it is used for internal delivery of incoming mail to the user's mailbox, but that's not a problem from my point of view, because it's mail that is not going out.
Old 21 Aug 2023, 07:12 AM   #4
somdcomputerguy
Cornerstone of the Community
 
Join Date: Jun 2004
Location: Rupert, WV
Posts: 863
I just used that feature to send a copy of an email to another email address that is not Fastmail provided. The 'hidden headers' contain the address that I use to login to Fastmail, so I guess I won't be using that feature.

- Bruce
Old 21 Aug 2023, 08:04 AM   #5
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 474
I hope someone's going to complain to Fastmail.

Leaving aside the way that many of us try to keep our default username secret - which perhaps FM don't know about or see a need for or something... I can't see that any FM user (not doing that) would want the default username used when the email that's being copied was apparently to a different username. The copy is still exposing the "wrong" email address to the recipient of the copied email.
Old 21 Aug 2023, 08:17 AM   #6
Berenburger
The "e" in e-mail
 
Join Date: Sep 2004
Location: The Netherlands
Posts: 2,875
You’re right. Tried it and indeed the username (login) is used.
Old 21 Aug 2023, 10:58 AM   #7
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,870
Fastmail help reference:
https://www.fastmail.help/hc/en-us/a...82-Send-a-copy

I think that for the purpose described in the original post in this thread (sending a message you created which is in your Sent folder to someone else instead of using BCC for ALL recipients), a better solution is to use “Edit As New”. This can be used for any message (one you received or one you sent) and opens that message in the Compose screen with the original Subject, To/Cc/Bcc list (Bcc only if you created the message), message body, and attachments. You can change the From address just as if you were creating a new message, change the To/Cc/Bcc lists, change the Subject, change the message body, and remove and/or add attachments.

The value of “Send A Copy” is to send a copy of a message to another email account you control to see how that message appears in that account with the original From address, or to do so with a trusted friend. As described by others, I would not use that feature to copy an existing message to another person for the usual purposes.

I use “Edit As New” nearly every day. For example, I might send out some new weather or science news to some friends who know each other, so I place them all in Cc so we can respond to each other to discuss the topic. I then go to my Sent folder and edit as new that message, change the From and To/Cc/Bcc as appropriate, and send that same message to a different group of friends or family members. This works great!

Bill
Old 21 Aug 2023, 08:13 PM   #8
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,745
I use "Edit as new" very often, such as to use an old message as a template for a new one, and as soon as I got the rejection message I realized I could do it that way, but I also use "Send a copy" when I forget to Bcc someone, as it is supposed to exactly replicate Bcc'ing a message, and I never got a rejection in the past, so perhaps something changed.

I posted this because I was surprised that the username was there, because I have been using this in the past a lot and knew that the default personality address was used, and I was also surprised that the email didn't pass authentication, because it has not happened in the past, so perhaps there were some recent changes (or perhaps I haven't used this functionality for a while).

Another use I have for "Send a copy" is that nowadays it is the only way to send a message using the web app with different header from and envelope from (in the past it was possible to set them separately in a personality).

Of course the best solution is not to forget to Bcc people...
Old 21 Aug 2023, 09:22 PM   #9
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 474
I've raised a support ticket for this (the exposure of our primary email address).

I've suggested that at the very least the system should (if it's not going to give people a choice of the user under which the copy is sent) warn people that it will be done under the default username and give them a chance to cancel the send.

I hope I've made it clear that I think a choice of sending user would be better.

Last edited by JeremyNicoll : 21 Aug 2023 at 09:35 PM.
Old 21 Aug 2023, 09:36 PM   #10
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,745
I think the best "solution" would be to let users set one or some of their aliases (email addresses) to be used for login. Then one would be able to set a convenient login identity that is not known to anyone else and is also not used for internal or external routing of email.
Old 21 Aug 2023, 10:39 PM   #11
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 474
Quote:
Originally Posted by hadaso View Post
I think the best "solution" would be to let users set one or some of their aliases (email addresses) to be used for login. Then one would be able to set a convenient login identity that is not known to anyone else and is also not used for internal or external routing of email.
Well, the first step is to get FM to understand that there's a problem...

I did point them at this discussion. Whether anyone will read it though...


Also I too experimented by sending an email that I'd received at FM somewhere else. My username address appeared EIGHT times in the email that arrived elsewhere:

(1) the "X-Resolved-to:" header showing how FM had processed the original mail

(2) a "Resent-From:" header, presumably inserted by the "Send a copy" process

(3) in "Return-Path:"

(4) in three "Received:" headers inserted by the system the copy was sent to, showing the envelope-from address of that copy.

(5) twice in spam-analysis showing how features of that address had contributed, or not, to the spam score on the system the copy was sent to


That means that even if one had a choice of which user to send the copy with, FM also needs to redact the value in the "X-Resolved-To:" header, or remove that completely from the sent copy (or at least, warn the user that that information will be in the copy).

Last edited by JeremyNicoll : 21 Aug 2023 at 11:12 PM.
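
One way to audit a received copy for the kind of exposure enumerated in the post above, as an added example that is not part of the thread: it counts, per header, where a given address appears, and reports the envelope-from domain (the one a receiver's SPF check evaluates) next to the header From domain. The sample message, all addresses and hosts, and the function names are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, modelled on the header layout quoted in this thread.
# All addresses and hosts are placeholders, not values from the posts.
SAMPLE = """\
Return-Path: <login@login-only.example>
Received: from mx.recipient.example by store.recipient.example
\tfor <colleague@recipient.example>; Sun, 20 Aug 2023 06:07:06 -0400
Received: from out.provider.example (envelope-from <login@login-only.example>)
\tby mx.recipient.example; Sun, 20 Aug 2023 06:07:05 -0400
Resent-From: login@login-only.example
Resent-Date: Sun, 20 Aug 2023 06:07:05 -0400
X-Resolved-To: login@login-only.example
From: "Myself" <me@public.example>
To: "Student" <student@recipient.example>
Subject: Re: question

body
"""

def find_address_leaks(raw, address):
    """Map each header name to how many times `address` appears in it."""
    msg = message_from_string(raw)
    needle = address.lower()
    hits = {}
    for name, value in msg.items():  # items() keeps repeated headers
        n = str(value).lower().count(needle)
        if n:
            hits[name] = hits.get(name, 0) + n
    return hits

def envelope_and_from_domains(raw):
    """Return (envelope-from domain, header From domain)."""
    msg = message_from_string(raw)
    env = parseaddr(msg.get("Return-Path", ""))[1]
    frm = parseaddr(msg.get("From", ""))[1]
    return env.rpartition("@")[2].lower(), frm.rpartition("@")[2].lower()

if __name__ == "__main__":
    leaks = find_address_leaks(SAMPLE, "login@login-only.example")
    for header, count in leaks.items():
        print(f"{header}: {count}")
    print(envelope_and_from_domains(SAMPLE))
```

Running it against the raw source of a copy sent to an account you control shows which headers would carry the login address before the feature is used with another recipient.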
Old 22 Aug 2023, 12:08 AM   #12
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,745
I always knew that the username appears in the X-Resolved-To header and some Received headers, and that sometimes these go out, but it was never in any header that people see, or that systems that automatically collect (such as mail clients that automatically add names and addresses as contacts, that are then collected by services such as LinkedIn that automatically spam everyone in a new user's addressbook). So I was not worried too much about the username collected by spammers this way.
Designating an alias for login can benefit not only paranoid freaks like us but also "normal" users that use a single address looking professional such as full.name.and.title@fastmail.com and would be happy to be able to login using a short name in one of Fastmail's short domains, like: letmein@mm.st
Old 13 Sep 2023, 04:09 AM   #13
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 474
Quote:
Originally Posted by JeremyNicoll View Post
I've raised a support ticket for this (the exposure of our primary email address).

I've suggested that at the very least the system should (if it's not going to give people a choice of the user under which the copy is sent) warn people that it will be done under the default username and give them a chance to cancel the send.

I hope I've made it clear that I think a choice of sending user would be better.

The result of this is that the "Tier 3" support person said:

This is expected behavior for "Send a copy". This feature is mostly intended to be used to send the original copy of the email, without changing the basic headers, to an alternate email account of the user or to someone they trust.

However, I agree that making things a bit more apparent to the user would make sense here and I am happy to take this as a feature request so this can be considered by our team concerned.

I'll also add a task to document this in the related help page.