The RFC 5321, 3.3 tells what the MAIL FROM:<reverse-path> is for:
The <reverse-path> portion of the first or only argument contains
the source mailbox (between "<" and ">" brackets), which can be
used to report errors (see Section 4.2 for a discussion of error
reporting).
The originator fields in the Internet Message Format headers (RFC 5322, 3.6.2) have more specific purposes to distinguish the author (From:) from the agent responsible for the actual transmission of the message (Sender):
For example, if a secretary were to send a message for another person,
the mailbox of the secretary would appear in the "Sender:" field and
the mailbox of the actual author would appear in the "From:" field.
The RFC 5321 envelope sender has merely a technical purpose. It is typical in mail forwarding and mailing list scenarios to rewrite the MAIL FROM to match the forwarding domain/server or the mailing list operator. This has two benefits:
- The error reports will get back to the mailing list operator who should take care of removing erroneous addresses from the list.
- Rewriting the envelope sender does not break the SPF policy of the original domain (Shevek (2004): The Sender Rewriting Scheme).
On the other hand, such practices are slightly against RFC 5321, 3.7.5:
3.7.5. Envelopes in Gatewaying
Similarly, when forwarding a message from another environment into
the Internet, the gateway SHOULD set the envelope return path in
accordance with an error message return address, if supplied by the
foreign environment. If the foreign environment has no equivalent
concept, the gateway must select and use a best approximation, with
the message originator's address as the default of last resort.
I do not see this as a problem, because the SMTP protocol has not been updated (except for the SMTP 521 and 556 Reply Codes, RFC 7504) since 2008, but the practices including email forgery prevention have evolved since.
