Brad:
Custom headers in RFC822 messages must begin with "X-".
As Hal points out, this is not true. Hal:
In particular, users can use any header fields they want, as long as they aren't already used; they only risk being made obsolete if their chosen field names become used.
Let me make this point explicit, in case I haven't done so recently. Anonymity and pseudonymity should be standard features of electronic mail systems. When I first picked the names for the header fields, I read RFC-822 carefully, and specifically chose *not* to use X- extension headers. I fully intend to write an RFC, an extension to RFC-822, which describes the syntax and semantics of anonymous/pseudonymous mail messages. There will likely be another describing the operation of a "standard remailer." (A note about MIME: I'm talking about the transport system here, underneath the layers that MIME puts on. At least that's the idea.) The current policies favoring named mail originate in the conflation of two notions of security. The first, delivery security, is that the mail be delivered correctly, i.e., delivered at all, to the correct person, in a timely fashion, without alteration of the contents. The second, liability security, is that the provider of mail not be held liable for content. The provider removes liability by transferring it to the sender of the message, who must therefore remain named. One goal of remailer work is to cleave these two notions apart. A provider of email services should be responsible for accurate and timely delivery, but should have no concern for or hand in content. The service that the provider is offering is just that, computer services. It is not monitoring, not oversight, and not censorship. Just as the phone company provides a communication channel on which I may put whatever content I desire, so should any e-mail system offer a communication channel and only a communication channel. The origin, I believe, of this confusion is that e-mail systems were by and large developed for internal uses and not for the open market. That internal use, broadly conceived, might be for the military, for academic research, or for intra-corporate memos. In other words these systems were provided (mostly) free of incremental charge to the users. In this environment, where service is being provided by context, it was the legitimate concern that the provider might be held liable, since the provider, in some strong sense, had caused the service to exist in the first place. When the social structures and situations or e-mail communications were all so similar, this system worked out fine. Today, however, people seek out e-mail services for their direct utility. These people often have no prior relation with their service provider; indeed, they wish not to be tied to a particular provider as a guard lest the quality of the service suffer. These people pay for service themselves, typically. And hence the separation between liability security and delivery security is complete. I want to buy common carriers of e-mail. I want bit pipes. (Or, perhaps, in the e-mail world, bit bucket brigades.) But the standards of yesteryear are still with us. The structure of named mail persists. We are changing that. We do not wish to remain skulking in the corners of respectability. We want to be standard. We want the standards, too, to be ours and to reflect our concerns. Let us act with the care and deliberation that behoove all those who wish to create standards to which others comply. Onward. Eric