mailing list archives
Re: Spoof the TO field in emails
From: "Satish Matta" <matta_jobs () hotmail com>
Date: Wed, 1 Dec 2004 12:58:41 -0500
My guess is that User B was BCC'ed.
----- Original Message -----
From: <sf_mail_sbm () yahoo com>
To: <security-basics () securityfocus com>
Sent: Wednesday, December 01, 2004 6:40 AM
Subject: Spoof the TO field in emails
Just got an incident today where a user reports to have received a mails
sent to another person
The mail is a phishing attempt
'UserA' got the mail
'UserB' was in the 'TO' field
Received: from mydomain1(xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) by
mydomain2with SMTP (Microsoft Exchange Internet Mail Service Version
id X340ZH77; Wed, 1 Dec 2004 06:51:01 +0400
Received: from SPAM-Domain- yyy.yyy.yyy.yyy by mydomain1 with Microsoft
FCC: mailbox://supprefnum1816646952075 () wamu com/Sent
From: Washington Mutual, Inc <supprefnum1816646952075 () wamu com>
X-Accept-Language: en-us, en
As can be seen from the above, the mail is being sent to 'UserB'
How come 'UserA' got the mail? I know about spoofing the FROM field, but
as far as I know the TO field is not spoofed
May be the header was manipulated, but the IP address in the RECEIVED part
Is it a problem with my mail servers (you can see that Exchange is being
used :) ?
Or is it a technique used by spammers?
Your views will be greatly appreciated
Thanks to all