[Full-Disclosure] SPAM and "undisclosed recipients"
khermansen at ht-technology.com
Sat Nov 15 22:04:13 GMT 2003
On Sat, 2003-11-15 at 12:22, Jason DiCioccio wrote:
> What you are seeing is that you were BCC'd on the message. In the
> process of an email transaction there are multiple times at which
> recipients are specified. There is one at the sender's mailserver, where
> he specifies every recipient that is going to receive his message. He does
> this in the form of 'MAIL TO: <email at address>' and repeats it until all of
> the recipients have been listed. The mail server then takes that
> information and connects to all the mail servers it must connect to in
> order to deliver the message to all of the recipients that the sender
> specified. Now, as for what you see in your mail client: That is the To:
> and CC: headers. They are specified in the actual message data and are
> independent of the recipient information that the sender sends to his mail
> server. So, the definition of a BCC (Blind Carbon Copy) really is just a
> recipient that does not get listed in the message header. Instead, it is
> only sent to the mail server as part of the MAIL TO: command sequences.
> The most information you will likely be able to retrieve about who received
> the message is from your Received: headers. You should be able to tell
> from there (depending on the mail server) which alias or address the sender
> actually specified when he attempted to send the message. This can be
> handy if you have multiple aliases and are wondering which one the spam is
> getting to.
> Hope this helped.
> --On Saturday, November 15, 2003 11:10 AM -0500 Kristian Hermansen
> <khermansen at ht-technology.com> wrote:
> > I have a small question about SPAM emails that are sent to "undisclosed
> > recipients". Does this just mean that the server stripped the header
> > before sending it to my account? I don't understand how it could make it
> > to my server, let alone my email account, if nothing was specified. Does
> > this raise any security issues?
> > Kristian Hermansen
> > CEO - H&T Technology Solutions
> > khermansen at ht-technology.com
Yeah, that's exactly what I needed to know. I have about 5 email
accounts that I regularly check, but some SPAM came in this way and it was
hard to determine which account it went to. By checking the received
header more carefully I was able to determine it. When the hell are we
going to have a new RFC that eliminates the possibility of SPAM and
makes it secure by default? Is it really that difficult?
Full-Disclosure is hosted and sponsored by Secunia.
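
The check described in this thread, reading the Received: headers to find which address a message with hidden recipients was actually delivered to, can be scripted. The following is an added example, not part of the original posts; the sample message, hosts and addresses are constructed placeholders, and the function names are hypothetical.

```python
import email
import re
from email import policy

# Constructed sample message (not from the thread); hosts and addresses
# are documentation placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id ABC123
\tfor <sales-alias@example.org>; Sat, 15 Nov 2003 11:02:00 -0500
Received: from unknown (HELO sender.example.com) (198.51.100.7)
\tby mx.example.net with SMTP; Sat, 15 Nov 2003 11:01:58 -0500
From: "Offers" <offers@sender.example.com>
To: undisclosed-recipients:;
Subject: constructed test message

body
"""

# The optional "for <address>" clause a receiving server may record per hop.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.IGNORECASE)


def envelope_recipients(raw):
    """Addresses named in 'for' clauses of Received: headers, newest hop first."""
    msg = email.message_from_string(raw, policy=policy.compat32)
    found = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())      # undo header line folding
        trace = unfolded.rsplit(";", 1)[0]      # drop the trailing date stamp
        for addr in FOR_CLAUSE.findall(trace):
            if addr.lower() not in found:
                found.append(addr.lower())
    return found


def visible_recipients(raw):
    """What the mail client displays: the To: and Cc: header values."""
    msg = email.message_from_string(raw, policy=policy.compat32)
    return [v for h in ("To", "Cc") for v in msg.get_all(h, [])]


if __name__ == "__main__":
    print("shown in client :", visible_recipients(SAMPLE))
    print("delivered to    :", envelope_recipients(SAMPLE))
```

The "for" clause is optional, so an empty result only means no hop recorded the address, which matches the "depending on the mail server" caveat above.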