Security Basics mailing list archives
Re: Spoof the TO field in emails
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 1 Dec 2004 19:44:57 +0100
On 2004-12-01 sf_mail_sbm () yahoo com wrote:
> Just got an incident today where a user reports to have received a mail sent to another person
> [...]
> 'UserA' got the mail, 'UserB' was in the 'TO' field
> [...]
> How come 'UserA' got the mail? I know about spoofing the FROM field, but as far as I know the TO field is not spoofed

That's how SMTP works. Mail is delivered to the address specified in the RCPT TO field in the envelope. The value in the TO field is usually, but not necessarily, used to generate the RCPT TO. Have a look at this mail. Though your mail address presumably is not "security-basics () securityfocus com" you received this mail. Another example: if you BCC a mail, the recipient will receive the mail, though his address doesn't show up anywhere in the headers.

> Maybe the header was manipulated, but the IP addresses in the RECEIVED part are OK

No, the headers most likely have not been manipulated.

> Is it a problem with my mail servers (you can see that Exchange is being used :) ?

No.

> Or is it a technique used by spammers?

It is abused by spammers.

Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
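
The envelope/header distinction described in the reply above, as an added example that is not part of the original post: a Python triage helper that pulls the envelope recipient out of whatever trace an MTA left in a delivered message and compares it with the To/Cc headers. It assumes the receiving MTA recorded the RCPT TO address in a `Received: ... for <addr>` clause or in a `Delivered-To`, `X-Original-To` or `Envelope-To` header (not every MTA does); the sample message and its addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: delivered to usera, while the To: header names userb.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id ABC123
\tfor <usera@example.org>; Wed, 1 Dec 2004 10:00:00 +0100
From: sender@example.net
To: userb@example.org
Subject: constructed sample

body
"""

# Headers some MTAs add at delivery time to record the envelope recipient.
ENVELOPE_HEADERS = ("Delivered-To", "X-Original-To", "Envelope-To")
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)


def envelope_recipients(msg):
    """Addresses the MTAs recorded from RCPT TO (may be empty)."""
    values = [v for h in ENVELOPE_HEADERS for v in msg.get_all(h, [])]
    found = {addr.lower() for _, addr in getaddresses(values) if addr}
    for received in msg.get_all("Received", []):
        found.update(m.lower() for m in FOR_CLAUSE.findall(received))
    return found


def header_recipients(msg):
    """Addresses shown to the reader in the To: and Cc: headers."""
    values = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def triage(raw):
    """Report envelope recipients that appear in no To:/Cc: header."""
    msg = message_from_string(raw)
    env, hdr = envelope_recipients(msg), header_recipients(msg)
    return {
        "envelope": sorted(env),
        "header": sorted(hdr),
        # Non-empty for BCC, mailing-list mail and mail with an unrelated To:.
        "not_in_headers": sorted(env - hdr),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-empty `not_in_headers` is normal for BCC and list traffic, so it explains a delivery rather than proving abuse; an empty `envelope` only means the MTA left no trace to compare against.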