Security Basics mailing list archives
Re: Spoof the TO field in emails
From: "Satish Matta" <matta_jobs () hotmail com>
Date: Wed, 1 Dec 2004 12:58:41 -0500
Ronish,

My guess is that User B was BCC'ed.

- Satish

----- Original Message -----
From: <sf_mail_sbm () yahoo com>
To: <security-basics () securityfocus com>
Sent: Wednesday, December 01, 2004 6:40 AM
Subject: Spoof the TO field in emails

Hi List,

Just got an incident today where a user reports to have received a mail sent to another person.
The mail is a phishing attempt.

TECHNICALS:
-----------
'UserA' got the mail
'UserB' was in the 'TO' field

HEADER:
-------
Received: from mydomain1(xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) by mydomain2with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
    id X340ZH77; Wed, 1 Dec 2004 06:51:01 +0400
Received: from SPAM-Domain- yyy.yyy.yyy.yyy by mydomain1 with Microsoft SMTPSVC(5.5.1774.114.11);
FCC: mailbox://supprefnum1816646952075 () wamu com/Sent
From: Washington Mutual, Inc <supprefnum1816646952075 () wamu com>
X-Accept-Language: en-us, en
To: UserB
....

=======================================

As can be seen from the above, the mail is being sent to 'UserB'.
How come 'UserA' got the mail? I know about spoofing the FROM field, but as far as I know the TO field is not spoofed.
Maybe the header was manipulated, but the IP addresses in the RECEIVED part are OK.

Is it a problem with my mail servers (you can see that Exchange is being used :) ?
Or is it a technique used by spammers?

Your views will be greatly appreciated.

Thanks to all

Ronish
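The BCC explanation in the reply above rests on the fact that SMTP delivers to the envelope recipients, while the To: header is only text the sender chose to display. The following triage helper is an added example, not part of the original posts. It compares the mailbox that holds a message against its To/Cc headers and any "for <addr>" clause in the Received lines. The example.org/example.com addresses, the documentation IP addresses and the "for" clause are constructed assumptions; not every MTA records that clause, and the headers quoted in the thread do not show one.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the thread: header To names UserB,
# but the copy landed in UserA's mailbox. Addresses are placeholders.
SAMPLE = """\
Received: from mydomain1 (192.0.2.10) by mydomain2 with SMTP
\tfor <usera@example.org>; Wed, 1 Dec 2004 06:51:01 +0400
Received: from spam-domain (198.51.100.7) by mydomain1 with SMTP;
\tWed, 1 Dec 2004 06:50:58 +0400
From: "Washington Mutual, Inc" <support@example.com>
To: UserB <userb@example.org>
Subject: constructed sample

body
"""

def header_recipients(msg):
    """Addresses the sender chose to display (To/Cc), lower-cased."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def envelope_hints(msg):
    """Envelope recipients some MTAs record in 'Received: ... for <addr>'."""
    hints = set()
    for rcvd in msg.get_all("Received", []):
        hints.update(a.lower() for a in re.findall(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", rcvd))
    return hints

def triage(raw, mailbox):
    """Classify why `mailbox` holds a message: listed in To/Cc or envelope-only."""
    msg = message_from_string(raw)
    shown = header_recipients(msg)
    mailbox = mailbox.lower()
    return {
        "shown_recipients": sorted(shown),
        "envelope_hints": sorted(envelope_hints(msg)),
        "listed_in_headers": mailbox in shown,
        # True means the copy was delivered via the SMTP envelope only (BCC-style).
        "envelope_only": mailbox not in shown,
    }

if __name__ == "__main__":
    print(triage(SAMPLE, "usera@example.org"))
```

An "envelope_only" result for the receiving mailbox fits ordinary BCC-style delivery and does not by itself indicate a mail server fault.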