Re: SPAM and "undisclosed recipients"

[Kristian Hermansen <khermansen () ht-technology com>]

On Sat, 2003-11-15 at 12:22, Jason DiCioccio wrote:
> Kristian,
>   What you are seeing is that you were BCC'd on the message.  In the 
> process of an email transaction there are multiple times at which 
> recipients are specified.  There is one at the sender's mailserver, where 
> he specifies every recipient that is going to receive his message.  He does 
> this in the form of 'MAIL TO: <email@address>' and repeats it until all of 
> the recipients have been listed.  The mail server then takes that 
> information and connects to all the mail servers it must connect to in 
> order to deliver the message to all of the recipients that the sender 
> specified.  Now, as for what you see in your mail client:  That is the To: 
> and CC: headers.  They are specified in the actual message data and are 
> independent of the recipient information that the sender sends to his mail 
> server.  So, the definition of a BCC (Blind Carbon Copy) really is just a 
> recipient that does not get listed in the message header.  Instead, it is 
> only sent to the mail server as part of the MAIL TO: command sequences. 
> The most information you will likely be able to retrieve about who received 
> the message is from your Received: headers.  You should be able to tell 
> from there (depending on the mail server) which alias or address the sender 
> actually specified when he attempted to send the message.  This can be 
> handy if you have multiple aliases and are wondering which one the spam is 
> getting to.
>
> Hope this helped.
>
> Regards,
> -JD-
>
> --On Saturday, November 15, 2003 11:10 AM -0500 Kristian Hermansen 
> <khermansen () ht-technology com> wrote:
>
> > I have a small question about SPAM emails that are sent to "undisclosed
> > recipients".  Does this just mean that the server stripped the header
> > before sending it to my account?  I don't understand how it could make it
> > to my server, let alone my email account, if nothing was specified.  Does
> > this raise any security issues?
> >
> >
> >
> >
> >
> > Kristian Hermansen
> >
> > CEO - H&T Technology Solutions
> >
> > khermansen () ht-technology com

Yeah, that's exactly what I needed to know.  I have about 5 email
accounts that I regulary check, but some SPAM came in this way and was
hard to determine which account it went to.  By checking the received
header more carefully I was able to determine it.  When the hell are we
going to have a new RFC that eliminates the possibility of SPAM and
makes it secure by default?  Is it really that difficult?

Kris Hermansen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html