Re: Spam Mail with wrong address
- From: "N. Miller" <anonymous@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 3 Jul 2005 07:48:25 -0700
On Sun, 3 Jul 2005 12:33:09 +0000 (UTC), Hagar wrote:
> Can anyone explain how come I get a shitload of spam mail that isn't even
> addressed to me? Either the "To" (Me) address is totally wrong or it will
> have elements of my username in it or end with the name of the provider.(BT
> Internet)
The "To:" address field isn't even known to the MX server until the SMTP
DATA phase of the transaction. The email goes to the email address in the
SMTP RCPT TO phase of the transaction. This email address is usually
stripped from the email message by the Mail Delivery Agent (MDA), the SMTP
server which places the email message in your mailbox for POP3 (or IMAP)
access.
Some email services do reveal that email address, but it is not required by
RFC 2821, or associated RFCs. Yahoo! mail includes the "X-Apparently-To:"
header line, others use "X-Delivered-To:", or some variant. Many just don't
include it at all.
MS Outlook Express does this by using the "Bcc:" field when you send email.
Here is part of a recent SMTP server log of an email transaction:
--------------------------------------------------------------
|00:48:03.865: Connection from 192.168.102.100, Thu Jun 30 00:48:03 2005<lf>
|00:48:03.874: << 220-aosake.net ESMTP server ready.<cr><lf>220-No unauthorized relaying, or spam is allowed.<cr><lf>220 No legal obligation of acceptance by aosake.net exists.<cr><lf>
|00:48:03.895: >> EHLO [192.168.102.100]<cr><lf>
|00:48:03.898: << 250-aosake.net Hello [192.168.102.100]; ESMTPs are:<cr><lf>250-TIME<cr><lf>
{Snipped some SMTP stuff.}
|00:48:03.188: << 235 Authentication successful.<cr><lf>
|00:48:03.240: >> MAIL FROM:<***@aosake.net> SIZE=415<cr><lf>
{The line above can be forged; you can't always trust this one!}
|00:48:03.245: << 250 Sender and size (415) OK - send RCPTs.<cr><lf>
|00:48:03.273: >> RCPT TO:<***@netscape.net><cr><lf>
{The line above is the actual recipient of this email message.}
{Snipped some SMTP stuff.}
|00:48:04.916: >> DATA<cr><lf>
{The line above is the start of the message.}
|00:48:04.917: << 354 OK, send data, end with CRLF.CRLF<cr><lf>
|00:48:04.976: >> Message-ID: <42C3A3B2.5070201@xxxxxxxxxx><cr><lf>
|00:48:04.984: >> Date: Thu, 30 Jun 2005 00:48:02 -0700<cr><lf>
|00:48:04.984: >> From: *** <***@aosake.net><cr><lf>
|00:48:04.985: >> User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)<cr><lf>
|00:48:04.986: >> X-Accept-Language: en-us, en<cr><lf>
|00:48:04.986: >> MIME-Version: 1.0<cr><lf>
|00:48:04.987: >> To: undisclosed-recipients:;<cr><lf>
{The line above can be anything the sender wants it to be. In this case,
the "To:" field of Mozilla Thunderbird was left blank; but it could have
been <anonymous@xxxxxxxxxxxxxxxxxxxxxxxxx>, and the message would still be
received by the Netscape email address of the RCPT TO: line above.}
--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
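
Added example, not part of the original post: a small Python parser for log lines laid out like the excerpt above. It separates the SMTP envelope (MAIL FROM / RCPT TO) from the To:/Cc: headers sent after DATA and lists envelope recipients that the headers never mention. The log content, the example.* addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed log in the layout of the excerpt above; ">>" marks client lines.
# All addresses are placeholders under example.* domains.
SAMPLE_LOG = """\
|00:00:01.000: << 220 mx.example.net ESMTP server ready.<cr><lf>
|00:00:01.010: >> EHLO client.example<cr><lf>
|00:00:01.020: >> MAIL FROM:<sender@example.org> SIZE=415<cr><lf>
|00:00:01.030: << 250 Sender OK<cr><lf>
|00:00:01.040: >> RCPT TO:<alice@example.net><cr><lf>
|00:00:01.050: >> RCPT TO:<bob@example.net><cr><lf>
|00:00:01.060: >> DATA<cr><lf>
|00:00:01.070: << 354 OK, send data<cr><lf>
|00:00:01.080: >> From: Someone <sender@example.org><cr><lf>
|00:00:01.090: >> To: undisclosed-recipients:;<cr><lf>
|00:00:01.100: >> <cr><lf>
|00:00:01.110: >> Body text.<cr><lf>
|00:00:01.120: >> .<cr><lf>
"""

CLIENT_LINE = re.compile(r"^\|[\d:.]+: >> (.*?)(?:<cr><lf>)?$")

def parse_log(log):
    """Split client lines into envelope (MAIL FROM / RCPT TO) and To:/Cc: headers."""
    mail_from, rcpt_to, data, in_data = None, [], [], False
    for raw in log.splitlines():
        m = CLIENT_LINE.match(raw)
        if not m:
            continue                      # server replies and annotations
        line = m.group(1)
        if in_data:
            if line == ".":               # end-of-data marker
                in_data = False
            else:
                data.append(line)
        elif (c := re.match(r"MAIL FROM:<([^>]*)>", line, re.I)):
            mail_from = c.group(1)
        elif (c := re.match(r"RCPT TO:<([^>]*)>", line, re.I)):
            rcpt_to.append(c.group(1).lower())
        elif line.upper() == "DATA":
            in_data = True
    msg = message_from_string("\n".join(data))
    shown = msg.get_all("To", []) + msg.get_all("Cc", [])
    header_rcpts = [a.lower() for _, a in getaddresses(shown) if a]
    return {"mail_from": mail_from, "rcpt_to": rcpt_to, "header_rcpts": header_rcpts}

def hidden_recipients(log):
    """Envelope recipients named in neither To: nor Cc:."""
    p = parse_log(log)
    return [r for r in p["rcpt_to"] if r not in p["header_rcpts"]]
```

On the constructed log, hidden_recipients(SAMPLE_LOG) returns both RCPT TO addresses, because the To: header holds only an empty group.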