X-AuthUser message header

[borbor]

Please consider adding "X-AuthUser" header to messages to log the smtp auth. username of the sender.

[fmaxwell]

Please consider adding "X-AuthUser" header to messages to log the smtp auth. username of the sender.

I am firmly against that for several reasons:

1. Security: There is no reason that every person you e-mail should be given half of your security credentials. I do not want someone to launch a dictionary attack against my SMTP password just because they got my login name from the proposed "X-AuthUser" header.

2. Individual privacy: Many users have usernames that are either their primary e-mail address or are their real name. If username "jane.smith" answers e-mail addressed to "support@somecompany.com" as well as receiving personal mail at jane.smith@somecompany.com, her full name and personal e-mail address should not be revealed to each person with whom she corresponds in her "support@" role.

3. Corporate privacy: The fact that the same person answers multiple e-mail addresses should not be revealed to those with whom he/she corresponds. If someone is running a small company and one person answers sales@, info@, postmaster@, and webmaster@, that information is not something that should be made public by the company mail server.

I do not feel, for the reasons shown above, that the benefits of this suggestion outweigh the problems its implementation would cause. At the very least, I ask that this feature be optionally enabled if it is present at all.