This X- header is used in various contexts around the Internet. This document attempts to capture known usage.
Note that Original-From merely adds complexity to the 'who was the author of this message' assessment, very possibly creating yet another security hole.
Google Apps currently implements "aliases" as Google Groups (this has been true for a number of years now; prior to that there were separate aliases and groups). Because of this, a support@twitter.com address that redirects to internal users or an external CRM tool (Salesforce) would be getting a Groups-rewritten message. These messages will not pass DKIM due to the rewriting, and so if they're from a DMARC p=REJECT/QUARANTINE domain such as yahoo.com, the From header will be rewritten to be the group name (support@twitter.com) and the X-Original-From will be the original sender.
Brandon Long on Tue, 23 September 2014 https://mailarchive.ietf.org/arch/msg/dmarc/Ql24idIHCpond8bobVdt8mkBgrg
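The rewrite described in the message above, modelled as an added example (not Google's code and not part of the original page). The function names, the `author_policy` parameter and the sample message are assumptions constructed for illustration. It shows that after the rewrite DMARC is evaluated against the group's domain, while the X-Original-From value is carried with no authentication behind it.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message; addresses reuse the domains named in the text.
SAMPLE = (
    "From: Alice <alice@yahoo.com>\n"
    "To: support@twitter.com\n"
    "Subject: Help with my account\n"
    "\n"
    "Hello\n"
)

STRICT_POLICIES = {"reject", "quarantine"}


def groups_style_rewrite(raw, group_addr, author_policy):
    """Simplified model (assumption) of the alias/group rewrite.

    If the author's domain publishes p=reject or p=quarantine, From becomes
    the group address and the original From value moves to X-Original-From.
    """
    msg = message_from_string(raw, policy=policy.default)
    if author_policy.lower() in STRICT_POLICIES:
        original = str(msg["From"])
        del msg["From"]
        msg["From"] = group_addr
        msg["X-Original-From"] = original
    return msg


def author_assessment(msg):
    """Report what a receiver can and cannot rely on for authorship."""
    from_addr = parseaddr(str(msg["From"]))[1]
    claimed = [parseaddr(str(v))[1] for v in (msg.get_all("X-Original-From") or [])]
    return {
        # DMARC alignment is checked against the From domain only.
        "dmarc_domain": from_addr.rpartition("@")[2].lower(),
        # Free-text claim: no DKIM/SPF alignment result applies to it.
        "claimed_original": claimed,
        "original_authenticated": False,
        # More than one copy means the claim is not even unambiguous.
        "ambiguous": len(claimed) > 1,
    }


if __name__ == "__main__":
    rewritten = groups_style_rewrite(SAMPLE, "support@twitter.com", "reject")
    print(author_assessment(rewritten))
```
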
For emails from p=reject domains:
Alexey Melnikov on Fri, 11 May 2018 11:48 UTC https://mailarchive.ietf.org/arch/msg/ietf/fZzt1mhBPqxG93y05ruGmMey9x4/
The content of this page was last updated on 2020-09-29. It was migrated from the old Trac wiki on 2023-02-26.