Security Basics mailing list archives
Re:Spoof the TO field in emails
From: "Ghaith Nasrawi" <libero () aucegypt edu>
Date: Wed, 1 Dec 2004 17:45:34 +0000
if you send any email to "x" in the TO field, and "y" in the BCC filed. "x" won't be able to know that the message was sent to "y" as well. while "y" would see the message going to "x" only! g. ---------- Initial Header -----------
From : sf_mail_sbm () yahoo com
To : security-basics () securityfocus com Cc : Date : 1 Dec 2004 11:40:41 -0000 Subject : Spoof the TO field in emails
Hi List, Just got an incident today where a user reports to have received a
mails sent to another person
The mail is a phishing attempt TECHNICALS: ----------- 'UserA' got the mail 'UserB' was in the 'TO' field HEADER: ------- Received: from mydomain1(xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) by
mydomain2with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
id X340ZH77; Wed, 1 Dec 2004 06:51:01 +0400 Received: from SPAM-Domain- yyy.yyy.yyy.yyy by mydomain1 with
Microsoft SMTPSVC(5.5.1774.114.11);
FCC: mailbox://supprefnum1816646952075 () wamu com/Sent From: Washington Mutual, Inc <supprefnum1816646952075 () wamu com> X-Accept-Language: en-us, en To: UserB .... ======================================= As can be seen from the above, the mail is being sent to 'UserB' How come 'UserA' got the mail? I know about spoofing the FROM field,
but as far as I know the TO field is not spoofed
May be the header was manipulated, but the IP address in the
RECEIVED part are OK
Is it a problem with my mail servers (you can see that Exchange is
being used :) ?
Or is it a technique used by spammers? Your views will be greatly appreciated Thanks to all Ronish
"Our care should not be to have lived long as to have lived enough.", Seneca
Current thread:
- Spoof the TO field in emails sf_mail_sbm (Dec 01)
- Re: Spoof the TO field in emails Satish Matta (Dec 01)
- Re: Spoof the TO field in emails Alexander Klimov (Dec 01)
- Re: Spoof the TO field in emails Alex 'CAVE' Cernat (Dec 01)
- Re: Spoof the TO field in emails Ansgar -59cobalt- Wiechers (Dec 02)
- <Possible follow-ups>
- Re:Spoof the TO field in emails Ghaith Nasrawi (Dec 01)
- Re: Spoof the TO field in emails Robert Mezzone (Dec 03)