Mail Header Question

S

Sitara Lal

I'm trying to do some research into spam messages that I get and wonder if
someone can clarify what the "Envelope to" entry means. In the example
below, the 'return-path' is fraudulent and the 'Envelope to' (which I have
edited in this post) is real.

However, the 'To' address (pruitt@...) is non existent on my server and
hence this message should have been bounced as undeliverable. Instead, it
came through.

So could someone please explain what 'Envelope to' means?

=====
Return-path: <[email protected]>
Envelope-to: (e-mail address removed) {edited by me}
Received: from polytechnic.borresen.net ([195.241.76.102])
by centrifuge.carams.org
(InterMail vK.4.04.00.03 479-555-982-20037407 license
8sv051tf0374z9wy5c0jlu8254j2xwd5)
with SMTP
id <[email protected]>
for <[email protected]>; Thu, 21 Apr 2005 11:43:33 -0600
Received: from mail pickup service by centrifuge.carams.org with Microsoft
SMTPSVC; Thu, 21 Apr 2005 20:39:33 +0300
Date: Thu, 21 Apr 2005 21:44:33 +0400
From: "Rachelle Anthony" <[email protected]>
To: <[email protected]> {edited}
Subject: Unbiased info for investor intelligence
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7Bit
X-DNSACTION-MailScanner: Found to be clean, Found to be clean
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on
{edited}
X-Spam-Level: *
X-Spam-Status: No, score=1.9 required=2.5 tests=BAYES_99 autolearn=no
version=3.0.2
X-DNSACTION-MailScanner-Information: Please contact the ISP for more
information
X-MailScanner-From: (e-mail address removed)
 
B

Brian Tillman

Sitara Lal said:
I'm trying to do some research into spam messages that I get and
wonder if someone can clarify what the "Envelope to" entry means. In
the example below, the 'return-path' is fraudulent and the 'Envelope
to' (which I have edited in this post) is real.
Click to expand...

When two SMTP routers talk to each other, after they decide thay can
connect, the sending machine send what's called an SMTP envelope to the
receiver, like this:

MAIL FROM:<senderaddress>
RCPT TO:<recipientaddress>
DATA
the message goes here.

The receiving machine does not verify the <senderaddress>, but it's
_supposed_ to be real (although SPAMmers fake it). This is what shows up in
the headers as "Return-path". The <recipientaddress> is the address of the
real recipient and it doesn't have to show in any other header. This is
what is showing up in your headers as "Envelope-to".
However, the 'To' address (pruitt@...) is non existent on my server
and hence this message should have been bounced as undeliverable.
Instead, it came through.
Click to expand...

The To address doesn't have anything to do with who will get the mail. That
is completely determined by the envelope. The To header, as well as From,
Date, and Subject, are part of the data of the message and actually get sent
after the "DATA" command above. Neither sending SMTP router nor receiving
router actually care what's in those fields; neither do they care if they
even exist. Your mail client uses them to present that information to you
when you view the message, but it doesn't have to bear any resemblance to
reality.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Some Internet Headers stripped, even when fwd as attachment in OL2 2
MIME Translation Issues replying to Outlook HTML emails 1
Finding Junk Mail Rule Hits 1
Outlook 2003 - PDF attachments arrive as raw HTML 0
Outlook 2003 NDR error message missing details 2
My email address being spoofed or have I a virus? 3
Outlook 2007 not parsing links... 2
My web based lycos mail may be infected. 1

Top