Re: Spoof the TO field in emails
From: "Ghaith Nasrawi" <libero () aucegypt edu>
Date: Wed, 1 Dec 2004 17:45:34 +0000
If you send any email to "x" in the TO field, and "y" in the BCC field,
"x" won't be able to know that the message was sent to "y" as well,
while "y" would see the message going to "x" only!
---------- Initial Header -----------
From : sf_mail_sbm () yahoo com
To : security-basics () securityfocus com
Date : 1 Dec 2004 11:40:41 -0000
Subject : Spoof the TO field in emails
Just got an incident today where a user reports to have received a
mail sent to another person
The mail is a phishing attempt
'UserA' got the mail
'UserB' was in the 'TO' field
Received: from mydomain1(xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) by
mydomain2with SMTP (Microsoft Exchange Internet Mail Service Version
id X340ZH77; Wed, 1 Dec 2004 06:51:01 +0400
Received: from SPAM-Domain- yyy.yyy.yyy.yyy by mydomain1 with
FCC: mailbox://supprefnum1816646952075 () wamu com/Sent
From: Washington Mutual, Inc <supprefnum1816646952075 () wamu com>
X-Accept-Language: en-us, en
As can be seen from the above, the mail is being sent to 'UserB'
How come 'UserA' got the mail? I know about spoofing the FROM field,
but as far as I know the TO field is not spoofed
Maybe the header was manipulated, but the IP addresses in the
RECEIVED part are OK
Is it a problem with my mail servers (you can see that Exchange is
being used :) ?
Or is it a technique used by spammers?
Your views will be greatly appreciated
Thanks to all
"Our care should not be to have lived long as to have lived enough.",
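
The Bcc behaviour described in this reply comes down to the envelope recipient being independent of the To/Cc headers. The following is an added example, not part of the original posts: it compares the addresses shown in To/Cc with the envelope recipients that relays record in `for <addr>` clauses of Received headers. The sample message, its addresses and the function names are constructed for illustration, and it assumes the receiving server writes a `for` clause, which is optional.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not the mail from the thread): the To header names
# userb, while the receiving relay recorded usera as envelope recipient.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.recipient.example with SMTP id CONSTRUCTED1
\tfor <usera@recipient.example>; Wed, 1 Dec 2004 06:51:01 +0400
From: Example Bank <support@sender.example>
To: userb@recipient.example
Subject: constructed sample

body
"""

def header_recipients(msg):
    """Addresses the sender chose to display in To and Cc (lower-cased)."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def envelope_recipients(msg):
    """Addresses recorded in 'for <addr>' clauses of Received headers."""
    found = set()
    for received in msg.get_all("Received", []):
        unfolded = " ".join(received.split())  # undo header line folding
        matches = re.findall(r"\bfor <([^<>\s]+@[^<>\s]+)>", unfolded)
        found.update(m.lower() for m in matches)
    return found

def classify(raw, delivered_to=None):
    """Label each envelope recipient 'listed' (appears in To/Cc) or 'blind'
    (delivered without being displayed, as with Bcc). delivered_to lets the
    caller add the mailbox the message was actually found in."""
    msg = message_from_string(raw)
    shown = header_recipients(msg)
    envelope = envelope_recipients(msg)
    if delivered_to:
        envelope.add(delivered_to.lower())
    return {r: ("listed" if r in shown else "blind") for r in sorted(envelope)}

if __name__ == "__main__":
    for rcpt, status in classify(SAMPLE).items():
        print(rcpt, status)
```

A "blind" result for the mailbox that received the message means the To header alone does not explain the delivery; the envelope recipient does.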