Is the order of e-mail recipients guaranteed to be constant?

Question

When sending an e-mail, is there anything in the sending/receiving protocols that guarantees, or is supposed to guarantee, that anyone receiving the e-mail will see the lists of recipients in the To and Cc fields in the same order as how the sender inputs them? This is quite a simple and basic question, really, but seemingly impossible to find an answer to on Google, which only wants to lecture me on the workplace etiquette of the order in which you should CC your bosses.

This old question mentions that the same e-mail can show recipients in different orders on different clients, which could indicate that there is nothing in the various e-mail protocols meant to guarantee that the original ordering is maintained everywhere (and, thus, that it doesn’t matter what order you CC your bosses, because you can’t control what order they see it anyway) – or it could just be a software bug in an e-mail client.

So what do the actual protocols and standards say (in reasonably human-friendly terms, please)? Are mail clients free to present recipients (as well as CC-recipients) in any order they fancy, or are they supposed to take the order the sender types them in as law and stick to that?

 

---

 

Update

As Tonny and R.. Github point out in their answers, the actual SMTP protocol is of course just that – a protocol to transfer information. As such, it doesn’t really care about the contents of the data it transfers, just like HTTP doesn’t care about the HTML contents it’s transferring. So the answer to whether the actual protocol itself guarantees anything is clearly no.

In the parallel(ish) case of HTTP and HTML, there is another layer to the whole transfer, separate from the HTTP protocol itself: W3C standards that dictate how a user agent (= browser) must present the actual contents to the user; UAs not conforming to these are non-compliant. Even in these standards, though, some things are left entirely up to UAs, and there is no guarantee that a particular something is presented in a particular way.

When referring to ‘protocols’ above, my intention was to also include standards like these – anything that governs what happens between the sender hitting ‘Send’ in their MUA and a recipient seeing the e-mail in their MUA.

As anyone who’s ever dabbled with HTML e-mail knows, such standards clearly do not exist for e-mail message body content (or if they do, they are utterly flouted by MUAs). But recipients are not part of the actual body of the message, so their presentation to the user could well be governed by entirely different standards.

So beyond just the actual SMTP protocol itself, what I am really wondering is whether there are any standards/stipulations at all that govern how recipients are treated and presented by MUAs to the user. That is:

• Is the sending MUA free to reorder the content shown in the To: and CC: fields in the UI before generating headers and initiating the SMTP connection?
• Is the receiving MUA free to generate the list of (CC-)recipients for the UI any way it pleases, and order it any way it wants to?
• Or is there some sort of ‘law’ that stipulates that MUAs are not free to do this in order to maintain compliance?

Answer 1

Yes, unless some party involved in the delivery is doing fishy things.

The original content of the header fields in an email message comes from the sender's MUA (mail user agent, i.e. mail software). It's technically possible for an intermediary system handling the mail to modify them, but that's against expectations if not against formal protocol standards, and further, if DKIM is involved, doing it at any stage after the outgoing site's mail system has signed the headers with the DKIM keys would make the signature mismatch. Normally, intermediary systems handling forwarding of your message will prepend headers (Received:, DKIM signatures, spam likelihood scores, etc.) to the message, not modify the existing ones.

Note that the To: and Cc: headers in an email message are purely informative; they are not part of the mechanism for how the mail gets delivered to the correct party. Rather, when your MUA submits the mail via SMTP to your mail provider's submission port, the RCPT TO command(s) specify the addresses it should be delivered to. The MUA normally derives these from the headers, but doesn't have to (and in the case of Bcc:, the header they're derived from was stripped before being sent).

To address the Update to the question: I'm not aware of any "laws" governing what MUAs must do, and even if there were, the extent to which many popular existing ones violate normal expectations/etiquette (for example, hiding email addresses and only showing unauthenticated names, badly reflowing text, etc.) leads me to say you couldn't trust them to follow such "laws" anyway. If you want to know if a particular sender's MUA may have ordered the recipients differently from how the sender wrote/selected them, or if a particular recipient's MUA may have presented them different from their order in the message, you really need to know what particular software they're using and examine that software's behavior.

For what it's worth, I don't recall ever having seen such reordering, but I've only used/observed a very small number of MUAs out of all the ones out there, so it's possible that some so reorder things.

Answer 2

It has been a few years that I went through the SMTP protocol specification, but as far as I can remember there is NOTHING in there that prescribes maintaining that order.
To my knowledge the SMTP protocol ONLY prescribes the message format and mandatory and optional fields within that format. It does give some guidance on the order in which mandatory fields are to be send, but for fields with multiple values (like the recipients) it only says how those fields should be formatted. It doesn't say that the order of multiple values within that field is important or should be preserved.

And any mail-server/relay that receives and forwards an email is free to temporary store that email before sending it on in whatever format it pleases and reconstruct the SMTP message as needed when transmitting it further.
If it does any sort of sorting on the list of recipients that may change the order. And the sending and receiving mail-clients may deal with this however tehy like as well.
The sending client can re-order what you typed before creating the SMTP message and the receiving mail-client can re-arrange on receival before showing it to you.

The send/receive protocol has nothing to do with all that.
It is just concerned with a properly formatted SMTP mesage.
It isn't the protocols job to care about what the application layer above it does with the message.

Answer 3

Is the sending MUA free to reorder the content shown in the To: and CC: fields in the UI before generating headers and initiating the SMTP connection?

There is no specification that states the MUA must preserve order. Contrariwise, there are suggestions that the MUA should sort by domain name to make delivery more efficient, similar to how post offices sort mail by postal code before sorting by address. Of course, intelligent implementations of SMTP are likely to do this anyways for efficiency purposes, but early recommendations was to have the MUA do this to "help" the server be more efficient.

Is the receiving MUA free to generate the list of (CC-)recipients for the UI any way it pleases, and order it any way it wants to? Or is there some sort of ‘law’ that stipulates that MUAs are not free to do this in order to maintain compliance?

There's no specification for what a MUA looks like. Of course, with decades of experience, most MUAs are mostly homogenous at this point, so the de facto standard would be to do what everyone else appears to be doing, and that is to not sort To and CC fields. Of course, since there's no specification, there's no reason why a MUA couldn't do something else, either by default, or as a toggle option, such as sorting by domain, by local name, by both, or by the display name, etc.

Answer 4

BCC is not part of the transmitted email so its order is not visible to recipients.

To: and CC: are email headers and so are not usually mutable, so they will have the same content (including same addresses, same order, and same names) for the sender and all recipients of the email.

SMTP itself deals with a list of recipients that is entirely separate to CC: and To: but most mail user agent make the list be the union of To: CC: and BCC: (the latter being stripped by the MUA.)

MUAs are free to hide, mangle or obfuscate this information in any way they see fit.