If Blackberry does it, why can’t google do it? Doesn’t seem to make sense to me…

Google is not wrong.
Look here for a response why:

Gmail Problems

You only have to explicitly set the Reply-to address as well as the From address.

Best Regards.

Is this the problem you guys are talking about? Any ideas what is wrong with my settings?

The trick described here might help deal with spam to your Gmail account.

So, my problem with this is that I want to participate in mailing lists. But, inevitably, any email address you post from (or is in a header) eventually becomes inundated with spam.

So usually you generate a temporary ID, and forward to some real account. But if your gmail account is in the header, you’re spam bait. This blocks of a significant chunk of my usage from being gmail.

Putting gmail.com in the headers does not cause a problem, but putting my address does.

bene’s point about gmail’s revealing gmail address in headers when sending as another account being expected behavior is important because any solution that does not reveal gmail as message originator would take control over email sent from some domain away from that domain’s owner.

Because I’m not a lawyer, I can’t really speak to Gmail’s potential legal liability, so you may be correct that that is explanation.

However, I very much doubt it, because right now anybody using just about any email program, such as Thunderbird or Outlook, can pretend to send an email from any address in the manner you describe, and no one (that I know of) has suggested holding the makers of those programs legally liable.

Besides, doing what Gmail does now does not make much of a difference in that regard. The sender and return-path information is hidden in most email programs, so that one has to view the email’s header in order to see the Gmail account. For most people who don’t check their email headers, disgruntled former employees will still be able to send emails from their old addresses with the same level of trickery. I’m pretty certain that anybody so un-Internet-savvy as to assume that all emails originate where they say they originate, will also not be savvy enough to check email headers for authenticity.

In other words, if Gmail does this to prevent people from being fooled by disgruntled former employees (and the like), it will only work for those who are savvy enough not to be fooled in the first place.

What disgruntled employees cannot do, assuming they haven’t hacked back into their old accounts, is receive email at their old addresses, so that should always be the test for an email’s authenticity.

For instance, if I am employed by A Good Company, and duly receive an email account of (me@agoodcompany.com) me (located at) agoodcompany (dot) com, then should A Good Company dismiss me, the gmail functionality you desire would make it impossible for A Good Company to prevent me from continuing to send further email correspondence under its domain. (Moreover, since any email can have a reply-to header, I can count on getting some answers back, too.)

If I recall correctly, in the earliest days of the send as functionality, gmail worked closer to the transparent way you want, and I can only surmise that one or more IT security people pointed out the problems this might create with, for example, disgruntled ex-employees. Recognizing the potential for google’s liability under some legal theory for damages that could result from gmail enabling such problematic communication is a small step, which leads me to believe gmail is probably not going to “fix” what you call the “real” reply problem.

Also, Google could get around the spam-filter risk by making the sender and return-path emails something like an MD5-encrypted combination of the Gmail account and the “spoofed” account. That way it would obscure the private email address while matching server and sending email. It would also allow easy filtering of spam should it be directed toward my Gmail account; for example, were I to start getting spam to (b05ba897e4e963074d85164c9beddb23@gmail.com) b05ba897e4e963074d85164c9beddb23 (located at) gmail (dot) com then I could easily filter it away. Spam to my real Gmail address–not so easy.

Your second point could only be realized if someone has already compromised the other email account. At that point, the attacker could easily misuse the account independently of Gmail’s involvement.

First: mail that originates from the gmail.com servers must have sender and returnpath as gmail.com domains, else it has a high chance of being considered spoofed email (because it is!). Blocking spoofed email (ie, mail that claims to be from one sender but is coming from a different domain) is a highly effective way of reducing spam – when your mail server is the first hop. Blocked messages = unhappy gmail users.

Second: If someone manages to figure out the verification code generation algorithm, allowing the addition of addresses without validation, or manages to temporarily gain access to another users email address to receive the validation message, that identity is taken over completely – messages sent from the gmail account are indistinguishable from messages sent by the hijacked account, lending support to identity theft.

If you want to sign the petition, it’s here .