
Why do I get spam that is NOT addressed to me?


Working in support I am often asked this question: a customer opens a spam message in the SpamSentinel Quarantine.nsf and the "To" field of the email does not contain their name. Also, their email address is nowhere to be found in the message. Why is that?

Well, the answer is quite simple. The "To" field on an email is there purely for cosmetic purposes, and spammers can enter anything they like here; it will not affect message delivery. The real address is contained within the SMTP envelope, which the mail server receives when it accepts the message. This envelope is discarded by the router once the message is delivered, so you never get to see it.

You can liken this to a real-life 'snail-mail' example. Consider this:
A company sends me a letter, addressed correctly with "Nick McCann" on the (paper) envelope; however, on the actual letter it says "Dear Mr. Smith". My secretary, being the diligent person that she is, has opened all of my letters and placed the envelopes in the recycling box. So, when I read the letter, it's not addressed to me!

For a more technical explanation, consider this SMTP conversation between sender and server:

220 mail.maysoft.com ESMTP Service (Lotus Domino Release 8.0) ready at Tue, 25 Mar 2008 12:11:53 +0000
helo spam@sender.com
250 mail.maysoft.com Hello spam@sender.com ([127.0.0.1]), pleased to meet you
mail from:spammer@sender.com
250 spammer@sender.com... Sender OK
rcpt to:nick@maysoft.com
250 nick@maysoft.com... Recipient OK
data
354 Enter message, end with "." on a line by itself
subject:You will not see your name in the To field
    (Here is where they change the visible recipient to another name)
To:billy@nomates.com

Do you see your name above?
.
250 Message accepted for delivery


You can see that the real address was contained in the 'rcpt to:' command, which forms part of the SMTP envelope. Delivery used that address, but what the mail client displays is the 'To:' header entered as part of the data command, so the resulting Lotus Notes email looks like this:

A picture named M2


Furthermore, if you check the message headers, you see no mention of your email address here either. The router has discarded the envelope just like the diligent secretary!


Received: from spam@sender.com ([127.0.0.1])
         by mail.maysoft.com (Lotus Domino Release 8.0)
         with SMTP id 2008032512132330-2 ;
         Tue, 25 Mar 2008 12:13:23 +0000
subject:You will not see your name in the To field
To:billy@nomates.com
X-MIMETrack: Itemize by SMTP Server on Mail/Maysoft(Release 8.0|August 02, 2007) at 25/03/2008
12:14:25,
                Serialize by Notes Client on Nick McCann/Maysoft(Release 8.0|August 02, 2007) at
25/03/2008 12:25:18,
                Serialize complete at 25/03/2008 12:25:18
From: spammer@sender.com
Date: Tue, 25 Mar 2008 12:14:25 +0000
Message-ID: <OFC38DCBBD.D8967F6D-ON80257417.00433D1E@maysoft.com>
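
The following Python code is an added example, not part of the original post and not SpamSentinel or Domino code. It takes the client side of the session above, separates the envelope from the message, and reports envelope recipients that appear in no To: or Cc: header. The function names and the `X-Envelope-To` header name are assumptions chosen for illustration.

```python
import email
from email.utils import getaddresses

# Constructed input: the client's side of the SMTP session shown above.
SESSION = """\
helo spam@sender.com
mail from:spammer@sender.com
rcpt to:nick@maysoft.com
data
subject:You will not see your name in the To field
To:billy@nomates.com

Do you see your name above?
.
"""

def split_session(client_text):
    """Separate the SMTP envelope from the message sent after DATA."""
    envelope = {"mail_from": None, "rcpt_to": []}
    message, in_data = [], False
    for line in client_text.splitlines():
        if in_data:
            if line == ".":                      # a lone dot ends DATA
                in_data = False
            else:                                # undo SMTP dot-stuffing
                message.append(line[1:] if line.startswith(".") else line)
            continue
        cmd = line.strip()
        if cmd.lower().startswith("mail from:"):
            envelope["mail_from"] = cmd[10:].strip(" <>").lower()
        elif cmd.lower().startswith("rcpt to:"):
            envelope["rcpt_to"].append(cmd[8:].strip(" <>").lower())
        elif cmd.lower() == "data":
            in_data = True
    return envelope, "\n".join(message) + "\n"

def hidden_recipients(envelope, message_text):
    """Envelope recipients that appear in no To: or Cc: header."""
    msg = email.message_from_string(message_text)
    shown = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    visible = {addr.lower() for _name, addr in shown}
    return [rcpt for rcpt in envelope["rcpt_to"] if rcpt not in visible]

def stamp_envelope(message_text, rcpt):
    """Record the envelope recipient before the envelope is discarded.
    X-Envelope-To is an assumed header name, not a Domino setting."""
    return f"X-Envelope-To: {rcpt}\n{message_text}"
```

Stamping has to happen at delivery time, while the server still holds the envelope; once the message is stored without it, the recipient cannot be recovered from the headers alone.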

Comments

4 - We add the true recipient's name to the BCC field (via the Configuration Doc). Cuts down on helpdesk calls. :)

3 - Great post, thanks.

Also, little reading
{ Link }

2 - I still do not know why Domino cannot apply rules to the To: header instead of the rcpt (or why not both). They said it would take too much time...

1 - That's a nice little summary. Love the secretary analogy, although it wouldn't fly in the US -- we call them "administrative assistants".
I get asked that question all the time, too, but never thought of an easy to understand answer. This is great.
