lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: SPAM and "undisclosed recipients" 

On Sat, 15 Nov 2003 11:10:37 EST, Kristian Hermansen <khermansen@...technology.com>  said:

> I have a small question about SPAM emails that are sent to "undisclosed
> recipients".  Does this just mean that the server stripped the header before
> sending it to my account?  I don't understand how it could make it to my
> server, let alone my email account, if nothing was specified.  Does this
> raise any security issues?

Mail is actually routed via the RFC821/2821 MAIL FROM and RCPT TO commands, not
by the RFC822/2822 From:/To:/cc:/Bcc: lines.  Think - mail from this list gets to you
even though you're not in the To: line. :)

"undisclosed recipients" just means that somebody/something decided to add into
the rfc822 headers the fact that the mail was bcc'ed to multiple people.

See rfc2822, sections 3.6.3 and 5 about bcc: for more details on this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031115/f796c1ba/attachment.bin

Powered by blists - more mailing lists