On 2004-12-01 sf_mail_sbm_at_yahoo.com wrote:
> Just got an incident today where a user reports to have received a
> mails sent to another person
[...]
> 'UserA' got the mail
> 'UserB' was in the 'TO' field
[...]
> How come 'UserA' got the mail? I know about spoofing the FROM field,
> but as far as I know the TO field is not spoofed
That's how SMTP works. Mail is delivered by to the address specified in
the RCPT TO field in the envelope. The value in the TO field is usually,
but not necessarily, used to generate the RCPT TO.
Have a look at this mail. Though your mail address presumably is not
"security-basics_at_securityfocus.com" you received this mail. Another
example: if you BCC a mail, the recipient will receive the mail, though
his address doesn't show up anywhere in the headers.
> May be the header was manipulated, but the IP address in the RECEIVED
> part are OK
No, the headers most likely have not been manipulated.
> Is it a problem with my mail servers (you can see that Exchange is
> being used :) ?
No.
> Or is it a technique used by spammers?
It is abused by spammers.
Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
Received on Dec 02 2004
Intro
