eMail question
#15769 05/29/11 12:44 AM
Joined: Aug 2009
...JER Offline OP
I have gotten several spam emails that have no "To" field in the header. Using long headers doesn't reveal any "To", "cc", or "bcc" fields. How is this stuff getting in my mailbox?

...JER


...JER (-: >
Re: eMail question
...JER #15775 05/29/11 06:43 AM
Joined: Aug 2009
Likes: 15
Originally Posted By: ...JER
I have gotten several spam emails that have no "To" field in the header. Using long headers doesn't reveal any "To", "cc", or "bcc" fields. How is this stuff getting in my mailbox?

...JER

Can't help, but I wonder whether the answer to your question will also explain how, from time to time, I've found spam in my mailbox that had any number of different "To" addresses, none of which was mine.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: eMail question
...JER #15778 05/29/11 04:40 PM
Joined: Aug 2009
Likes: 5
Moderator
My suspicion is that your address is being placed into the "Bcc" portion of the originating spam source and the actual addressees are all there instead of in the "To" field......


Freedom is never free....thank a Service member today.
Re: eMail question
MacManiac #15779 05/29/11 05:05 PM
Joined: Aug 2009
...JER Offline OP
Thanks, that was my guess but I didn't know if there was another way to do it.


...JER (-: >
Re: eMail question
...JER #15781 05/29/11 08:26 PM
Joined: Aug 2009
Remember that the first headers are created by the SENDING computer. Email clients and spammers have absolute control over the headers they place in them.

Most mailservers will append additional headers when they forward the message. Some will add a spamassassin score or an identifier, for example, and most add information about the client that delivered the message to them.

Since most normal email passes through several mail gateways and servers en route to you, you can usually look at the full headers to follow its path to you. But I've seen at least a few cases where the spammer tried to make that difficult by adding path-like headers in the message before sending it into the system. Since it can be difficult to determine where the actual mailserver-provided headers start, you have to read them very carefully and determine at what point up the chain to stop trusting them. Client-provided headers that are attempting to look like mailserver routing headers are usually referred to as "forged headers".

It's becoming common for spammers and virus writers to add forged spamassassin/avg scanned/passed headers in an attempt to fool downstream mailservers and recipients. (Mailservers often will skip rescanning a message if it claims to have already been scanned.)


I work for the Department of Redundancy Department
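
An added example, not part of the original post: one way to find the point in the header chain where trust stops, by walking the `Received` lines from the top and cutting at the hop where one of your own servers logged an outside peer. The host names, IP addresses and the sample message are constructed, and it assumes your servers prepend their headers above what they received.

```python
import re
from email import message_from_string

# Assumptions: hypothetical names/IPs of the recipient's own mail servers.
OUR_HOSTS = {"mx1.example.net", "store.example.net"}
OUR_IPS = {"192.0.2.10"}
BY = re.compile(r"\bby\s+([^\s;]+)", re.I)
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
SCAN_CLAIM = re.compile(r"^x-(spam|virus)", re.I)

# Constructed sample, newest header on top. The lower three were sent by the client.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
    by store.example.net with LMTP; Sun, 29 May 2011 19:00:02 -0400
X-Spam-Status: Yes, score=7.9
Received: from mail.sender.invalid (unknown [203.0.113.77])
    by mx1.example.net with ESMTP; Sun, 29 May 2011 19:00:01 -0400
X-Spam-Status: No, score=-2.0
X-Virus-Scanned: clean
Received: from bank.example.com (bank.example.com [192.0.2.10])
    by mx1.example.net with ESMTP; Sun, 29 May 2011 18:58:00 -0400
From: Offers <bulk@sender.invalid>
Subject: constructed sample
"""

def trust_boundary(headers):
    """Index of the first header that was on the message before ingress."""
    boundary = 0
    for i, (name, value) in enumerate(headers):
        if name.lower() != "received":
            continue
        by = BY.search(value)
        if not by or by.group(1).lower() not in OUR_HOSTS:
            break                      # hop we do not operate
        boundary = i + 1
        peer = PEER_IP.search(value)
        if not peer or peer.group(1) not in OUR_IPS:
            break                      # our edge server logged an outside peer
    return boundary

def analyze(raw):
    headers = message_from_string(raw).items()
    cut = trust_boundary(headers)
    hops = [v for n, v in headers[:cut] if n.lower() == "received"]
    peer = PEER_IP.search(hops[-1]) if hops else None
    return {"ingress_peer": peer.group(1) if peer else None,
            "unverified": [n for n, _ in headers[cut:]
                           if n.lower() == "received" or SCAN_CLAIM.match(n)]}
```

The forged bottom `Received` line names a trusted host and IP, yet it still lands in `unverified` because it sits below the real ingress hop.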
Re: eMail question
MacManiac #15785 05/29/11 11:14 PM
Joined: Aug 2009
Likes: 15
Originally Posted By: MacManiac
My suspicion is that your address is being placed into the "Bcc" portion of the originating spam source and the actual addressees are all there instead of in the "To" field......

That's a good thought, so I just tried it, and my e-mail got to me like so:

Quote:
From: Artie (Edited) <(Edited)@verizon.net>
Subject: sdfghjk
Date: May 29, 2011 7:59:05 PM EDT
To: Undisclosed recipients: ;
Return-Path: <(Edited)@verizon.net>
Received: from [192.168.1.46] ([unknown] [(Edited)]) by vms173001.mailsrvcs.net (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009)) with ESMTPA id <0LLZ005Y9EMH39D0@vms173001.mailsrvcs.net> for (Edited)@verizon.net; Sun, 29 May 2011 18:59:06 -0500 (CDT)
Message-Id: <894299AF-F901-43F5-9C91-FD250F202A34@verizon.net>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Original-Recipient: rfc822;(Edited)@verizon.net

Presumably, the "Undisclosed recipients" refers to the Bcc address, but the two red (Edited) addresses disclose it.

I guess each mail server handles such stuff differently?

But it could explain my spam. Hmmm... I'll have to pay closer attention next time.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
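
An added example, not part of the original posts: delivery follows the SMTP envelope recipient, which the receiving server may record in the `for` clause of its `Received` line and in headers such as `Original-Recipient`, independently of any `To` or `Cc` header. The sketch below compares the two for a constructed message with no `To` field; the addresses and host names are assumptions, and it trusts only the topmost `Received` line as your own server's.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: no To/Cc at all, as in the spam described in this thread.
SAMPLE = """\
Return-Path: <bulk@sender.invalid>
Original-Recipient: rfc822;recipient@example.net
Received: from relay.sender.invalid (unknown [203.0.113.77])
    by mx1.example.net with ESMTP id ABC123
    for <recipient@example.net>; Sun, 29 May 2011 18:59:06 -0500 (CDT)
From: Offers <bulk@sender.invalid>
Subject: constructed sample

body
"""

FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

def envelope_recipients(msg):
    """Addresses the receiving server recorded from SMTP RCPT TO."""
    found = set()
    top = msg.get_all("Received", [])[:1]       # newest hop, added by our server
    found.update(a.lower() for v in top for a in FOR_CLAUSE.findall(v))
    for name in ("Original-Recipient", "Delivered-To", "X-Original-To"):
        for v in msg.get_all(name, []):
            found.add(v.split(";")[-1].strip().lower())   # drop "rfc822;" prefix
    return found

def visible_recipients(msg):
    """Addresses the sender chose to show in To/Cc (may be empty or unrelated)."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def explain_delivery(raw):
    msg = message_from_string(raw)
    env, shown = envelope_recipients(msg), visible_recipients(msg)
    return {"envelope": sorted(env), "visible": sorted(shown),
            "envelope_only": sorted(env - shown)}
```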

Moderated by  alternaut, dianne, MacManiac 
