Loading ...
Sorry, an error occurred while loading the content.

E-mails Received without your e-mail address

Expand Messages
  • Charlie Hansen
    Content-type: Multipart/Alternative; boundary= Alt-Boundary-9652.33783734 --Alt-Boundary-9652.33783734 Have your ever wondered why you received an e-mail
    Message 1 of 1 , Oct 13, 2007
    • 0 Attachment
      Content-type: Multipart/Alternative; boundary="Alt-Boundary-9652.33783734"

      --Alt-Boundary-9652.33783734
      Have your ever wondered why you received an e-mail (spam) that does not have your
      address in either to TO or CC headers?

      If you create a log of the message sent from your e-mail client to the SMTP (Simple Mail
      Transport Protocol) handler of your ISP, you will find that your TO, FROM or CC entries are
      not used in determining the addresses that will actually receive your message. What
      actually is used is the address that is contained in a
      RCPT TO:<address@domain>\ (RCPT = Recipient) command to the SMTP
      handler.

      The SMTP protocol is so simple that, if you understand the format, you can actually send an
      e-mail message using a Telnet connection without using any e-mail client. A simple script
      could easily be written to send lots (hundreds?) of RCPT TO: commands in an e-mail and
      use fake TO, FROM and CC addresses. The RCPT TO: will not show up in the headers of
      your received e-mails as they are removed by the POP3 server before you get your e-mail.

      This is the method used by spammers to send you that e-mail that you wondered why you
      got it.

      I hope this rather technical e-mail is of interest.

      Charlie Hansen

      =========================================

      What follows is a log of an e-mail that I sent to various alias addresses that I have which I
      entered in the CC line of the message. [I have replaced the actual addresses that I used
      with"address#"}. The numerals at the start of each line indicate time to thousands of a
      second. The double carets indicate the direction of transmission. The next 4digit number
      gives the number of hexadecimal characters in the line, followed by the command or
      acknowledgement code. In this case the RCPT TO: addresses match the CC addresses
      that I used.

      ===========================================

      --- Mon, 08 Oct 2007 21:14:41 ---
      Connect to 'smtp.telus.net' port 25, timeout 90.
      21:14:41.484 [*] Connection established to 204.209.205.51
      21:14:41.515 >> 0042 220 priv-edmwaa06.telusplanet.net ESMTP \0D\0A
      21:14:41.515 << 0022 EHLO [192.168.0.102]\0D\0A
      21:14:41.546 >> 0035 250-priv-edmwaa06.telusplanet.net\0D\0A
      21:14:41.546 >> 0016 250-PIPELINING\0D\0A
      21:14:41.546 >> 0019 250-SIZE 20971520\0D\0A
      21:14:41.546 >> 0010 250-ETRN\0D\0A
      21:14:41.546 >> 0014 250 8BITMIME\0D\0A
      21:14:41.546 << 0041 MAIL FROM:<4Charlie@...> SIZE=497\0D\0A
      21:14:41.578 >> 0008 250 Ok\0D\0A
      21:14:41.578 << 0030 RCPT TO:<address1@...>\0D\0A
      21:14:41.703 >> 0008 250 Ok\0D\0A
      21:14:41.703 << 0030 RCPT TO:< address2@...>\0D\0A
      21:14:42.843 >> 0008 250 Ok\0D\0A
      21:14:42.843 << 0031 RCPT TO:< address3@...>\0D\0A
      21:14:42.968 >> 0008 250 Ok\0D\0A
      21:14:42.968 << 0031 RCPT TO:< address4@...>\0D\0A
      21:14:42.093 >> 0008 250 Ok\0D\0A
      21:14:42.093 << 0031 RCPT TO:< address5@...>\0D\0A
      21:14:42.234 >> 0008 250 Ok\0D\0A
      21:14:42.234 << 0034 RCPT TO:< address6@...>\0D\0A
      21:14:42.359 >> 0008 250 Ok\0D\0A
      21:14:42.359 << 0006 DATA\0D\0A
      21:14:42.390 >> 0037 354 End data with <CR><LF>.<CR><LF>\0D\0A
      21:14:42.390 << 0045 From: "Charlie Hansen" <4Charlie@...>\0D\0A
      21:14:42.390 << 0024 To: address1@...\0D\0A
      21:14:42.390 << 0039 Date: Mon, 08 Oct 2007 21:14:41 -0600\0D\0A
      21:14:42.390 << 0028 Subject: SMPT address test\0D\0A
      21:14:42.390 << 0030 Reply-to: 4Charlie@...\0D\0A
      21:14:42.390 << 0025 CC: address2@...,\0D\0A
      21:14:42.390 << 0036 address3@...,\0D\0A
      21:14:42.390 << 0036 address4@...,\0D\0A
      21:14:42.390 << 0036 address5@...,\0D\0A
      21:14:42.390 << 0038 address6@...\0D\0A
      21:14:42.390 << 0057 Message-ID: <470A9DC1.10152.2815507@...>\0D\0A
      21:14:42.390 << 0018 Priority: normal\0D\0A
      21:14:42.390 << 0043 X-mailer: Pegasus Mail for Windows (4.31)\0D\0A
      21:14:42.390 << 0002 \0D\0A
      21:14:42.390 << 0015 Address test.\0D\0A
      21:14:42.390 << 0003 .\0D\0A
      21:14:42.656 >> 0030 250 Ok: queued as 7A2DJ20VQ4\0D\0A
      21:14:42.671 << 0006 QUIT\0D\0A
      21:14:42.687 >> 0009 221 Bye\0D\0A
      21:14:42.687 --- Connection closed normally at Mon, 08 Oct 2007 21:14:42. ---\0A\0A

      ============================================


      --Alt-Boundary-9652.33783734
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
      <title></title>
      <meta http-equiv="content-type" content="text/html;charset=utf-8"/>
      <meta http-equiv="Content-Style-Type" content="text/css"/>
      </head>
      <body>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">Have your ever wondered why you received an e-mail (spam) that does not have your
      address in either to TO or CC headers? </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
      </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">If you create a log of the message sent from your e-mail client to the SMTP (Simple Mail
      Transport Protocol) handler of your ISP, you will find that your TO, FROM or CC entries are
      <b>not</b> used in determining the addresses that will actually receive your message. What
      actually is used is the address that is contained in a </span></font></div>
      <div align="left"><font face="Courier New" color="#ff0000" size="2"><span style="font-size:10pt">RCPT TO:<address@domain>\ </span></font><font face="Courier New" size="2"><span style="font-size:10pt">(RCPT = Recipient) </span></font><font face="Arial" size="2"><span style="font-size:10pt">command to the SMTP
      handler.</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
      </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">The SMTP protocol is so simple that, if you understand the format, you can actually send an
      e-mail message using a Telnet connection without using any e-mail client. A simple script
      could easily be written to send lots (hundreds?) of RCPT TO: commands in an e-mail and
      use fake TO, FROM and CC addresses.  The RCPT TO: will not show up in the headers of
      your received e-mails as they are removed by the POP3 server before you get your e-mail.</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
      </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">This is the method used by spammers to send you that e-mail that you wondered why you
      got it.</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
      </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">I hope this rather technical e-mail is of interest.</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
      </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">Charlie Hansen</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
      </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">=========================================</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
      </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">What follows is a log of an e-mail that I sent to various alias addresses that I have which I
      entered in the CC line of the message. [I have replaced the actual addresses that I used
      with"address#"}.  The numerals at the start of each line indicate time to thousands of a
      second. The double carets indicate the direction of transmission. The next 4digit number
      gives the number of hexadecimal characters in the line, followed by the command or
      acknowledgement code.  In this case the RCPT TO: addresses match the CC addresses
      that I used.</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
      </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">===========================================</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
      </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">--- Mon, 08 Oct 2007 21:14:41 ---</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">Connect to 'smtp.telus.net' port 25, timeout 90.</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:41.484 [*] Connection established to 204.209.205.51</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:41.515 >> 0042 220 priv-edmwaa06.telusplanet.net ESMTP \0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:41.515 << 0022 EHLO [192.168.0.102]\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:41.546 >> 0035 250-priv-edmwaa06.telusplanet.net\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:41.546 >> 0016 250-PIPELINING\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:41.546 >> 0019 250-SIZE 20971520\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:41.546 >> 0010 250-ETRN\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:41.546 >> 0014 250 8BITMIME\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:41.546 << 0041 MAIL FROM:<4Charlie@...> SIZE=497\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:41.578 >> 0008 250 Ok\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:41.578 << 0030 RCPT TO:<address1@...>\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:41.703 >> 0008 250 Ok\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:41.703 << 0030 RCPT TO:< address2@...>\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:42.843 >> 0008 250 Ok\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:42.843 << 0031 RCPT TO:< address3@...>\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:42.968 >> 0008 250 Ok\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:42.968 << 0031 RCPT TO:< address4@...>\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:42.093 >> 0008 250 Ok\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:42.093 << 0031 RCPT TO:< address5@...>\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:42.234 >> 0008 250 Ok\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:42.234 << 0034 RCPT TO:< address6@...>\0D\0A</span></font></div>
      <div align="left"><font face="Arial" color="#ff0000" size="2"><span style="font-size:10pt">21:14:42.359 >> 0008 250 Ok\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.359 << 0006 DATA\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 >> 0037 354 End data with <CR><LF>.<CR><LF>\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0045 From: "Charlie Hansen" <4Charlie@...>\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0024 To: address1@...\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0039 Date: Mon, 08 Oct 2007 21:14:41 -0600\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0028 Subject: SMPT address test\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0030 Reply-to: 4Charlie@...\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0025 CC: address2@...,\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0036               address3@...,\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0036               address4@...,\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0036               address5@...,\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0038               address6@...\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0057 Message-ID: <470A9DC1.10152.2815507@...>\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0018 Priority: normal\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0043 X-mailer: Pegasus Mail for Windows (4.31)\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0002 \0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0015 Address test.\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.390 << 0003 .\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.656 >> 0030 250 Ok: queued as 7A2DJ20VQ4\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.671 << 0006 QUIT\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.687 >> 0009 221 Bye\0D\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">21:14:42.687 --- Connection closed normally at Mon, 08 Oct 2007 21:14:42. ---\0A\0A</span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
      </span></font></div>
      <div align="left"><font face="Arial" size="2"><span style="font-size:10pt">============================================</span></font></div>
      <div align="left"></div>
      </body>
      </html>

      --Alt-Boundary-9652.33783734--
    Your message has been successfully submitted and would be delivered to recipients shortly.