Home page logo

basics logo Security Basics mailing list archives

Re: Spoof the TO field in emails
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 1 Dec 2004 19:44:57 +0100

On 2004-12-01 sf_mail_sbm () yahoo com wrote:
Just got an incident today where a user reports to have received a
mails sent to another person
'UserA' got the mail
'UserB' was in the 'TO' field
How come 'UserA' got the mail? I know about spoofing the FROM field,
but as far as I know the TO field is not spoofed

That's how SMTP works. Mail is delivered by to the address specified in
the RCPT TO field in the envelope. The value in the TO field is usually,
but not necessarily, used to generate the RCPT TO.

Have a look at this mail. Though your mail address presumably is not
"security-basics () securityfocus com" you received this mail. Another
example: if you BCC a mail, the recipient will receive the mail, though
his address doesn't show up anywhere in the headers.

May be the header was manipulated, but the IP address in the RECEIVED
part are OK

No, the headers most likely have not been manipulated.

Is it a problem with my mail servers (you can see that Exchange is
being used :) ? 


Or is it a technique used by spammers?

It is abused by spammers.

Ansgar Wiechers
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]