SMTP Envelope vs. Email Headers

popowich

EQ Forum Admin
Staff member
Hello,

Do you want to know why an email can be From: you when you didn't send it?

Do you want to know why you can receive an email that isn't To: you?

Do you want to know how BCC works?

The following is part of a sanitized manual smtp (email) conversation between me and an smtp relay:

helo example.com
250 smtp21.myISP.com
mail from:<realAddress@example.com>
250 ok
rcpt to:<theresa@RealDomain.com>
250 ok
rcpt to:<popowich@RealDomain.com>
250 ok

data
354 go ahead
To: <fakeAddress@example.com>
From: <fakeAddress@example.com>
Subject: This is also how BCC works

This is an example email for Email Questions
.
250 ok 1384905446 qp 21500
quit



When sending an email there are both Envelope and Header and parts of the communication.

The envelope can have multiple recipients. This is also part of how BCC's works. One more more envelope rcpt to commands in the background that are not in the Header. The envelope is what determines where an email is sent.

The header To: From: Subject: Date: are all optional data. This is the information that you see in your mail program.

The data in the header does not need to match the data in the envelope .

SMTP Envelope vs Email Headers.JPG

The above is what was received at my "popowich@RealDomain.com". As you can see, the SMTP relay that was used to send the email got it to the right place, even though the header listed different fake information. Theresa should also have received the email at her "theresa@RealDomain.com". My email program displays the header information which is the To: and From: that I see.

This is why spammers can send email From: your domain name or fake domain names.

This is how BCC works and why you are able to conceal the receipents of an email, if you choose to.

This is why an email can be missing a To: line, or other header information, and still get to you.
 
Hi,
I have a question on that:
If I receive some email and then I click on the reply button I can see the
target recipient mail address.

Is this the real recipient address (the original SMTP "Mail From:" or in this case "Mail To:") or can this information be faked too?
In other words, if I receive a fake mail, can I prove this by this method?

Thanks
Julio
 
Top