SMTP Envelope vs. Email Headers

Discussion in 'Email Discussions' started by popowich, Nov 19, 2013.

  1. popowich

    popowich EQ Forum Admin Staff Member

    Aug 12, 2008
    Likes Received:

    Do you want to know why an email can be From: you when you didn't send it?

    Do you want to know why you can receive an email that isn't To: you?

    Do you want to know how BCC works?

    The following is part of a sanitized manual smtp (email) conversation between me and an smtp relay:

    mail from:<>
    250 ok
    rcpt to:<>
    250 ok
    rcpt to:<>
    250 ok

    354 go ahead
    To: <>
    From: <>
    Subject: This is also how BCC works

    This is an example email for Email Questions
    250 ok 1384905446 qp 21500

    When sending an email there are both Envelope and Header and parts of the communication.

    The envelope can have multiple recipients. This is also part of how BCC's works. One more more envelope rcpt to commands in the background that are not in the Header. The envelope is what determines where an email is sent.

    The header To: From: Subject: Date: are all optional data. This is the information that you see in your mail program.

    The data in the header does not need to match the data in the envelope .

    SMTP Envelope vs Email Headers.JPG

    The above is what was received at my "". As you can see, the SMTP relay that was used to send the email got it to the right place, even though the header listed different fake information. Theresa should also have received the email at her "". My email program displays the header information which is the To: and From: that I see.

    This is why spammers can send email From: your domain name or fake domain names.

    This is how BCC works and why you are able to conceal the receipents of an email, if you choose to.

    This is why an email can be missing a To: line, or other header information, and still get to you.

  2. Julio Talaverano

    Julio Talaverano New Email

    Jun 8, 2019
    Likes Received:
    I have a question on that:
    If I receive some email and then I click on the reply button I can see the
    target recipient mail address.

    Is this the real recipient address (the original SMTP "Mail From:" or in this case "Mail To:") or can this information be faked too?
    In other words, if I receive a fake mail, can I prove this by this method?


Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.