[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1068933851.4518.13.camel@localhost>
From: khermansen at ht-technology.com (Kristian Hermansen)
Subject: SPAM and "undisclosed recipients"
On Sat, 2003-11-15 at 12:22, Jason DiCioccio wrote:
> Kristian,
> What you are seeing is that you were BCC'd on the message. In the
> process of an email transaction there are multiple times at which
> recipients are specified. There is one at the sender's mailserver, where
> he specifies every recipient that is going to receive his message. He does
> this in the form of 'MAIL TO: <email@...ress>' and repeats it until all of
> the recipients have been listed. The mail server then takes that
> information and connects to all the mail servers it must connect to in
> order to deliver the message to all of the recipients that the sender
> specified. Now, as for what you see in your mail client: That is the To:
> and CC: headers. They are specified in the actual message data and are
> independent of the recipient information that the sender sends to his mail
> server. So, the definition of a BCC (Blind Carbon Copy) really is just a
> recipient that does not get listed in the message header. Instead, it is
> only sent to the mail server as part of the MAIL TO: command sequences.
> The most information you will likely be able to retrieve about who received
> the message is from your Received: headers. You should be able to tell
> from there (depending on the mail server) which alias or address the sender
> actually specified when he attempted to send the message. This can be
> handy if you have multiple aliases and are wondering which one the spam is
> getting to.
>
> Hope this helped.
>
> Regards,
> -JD-
>
> --On Saturday, November 15, 2003 11:10 AM -0500 Kristian Hermansen
> <khermansen@...technology.com> wrote:
>
> >
> >
> > I have a small question about SPAM emails that are sent to "undisclosed
> > recipients". Does this just mean that the server stripped the header
> > before sending it to my account? I don't understand how it could make it
> > to my server, let alone my email account, if nothing was specified. Does
> > this raise any security issues?
> >
> >
> >
> >
> >
> > Kristian Hermansen
> >
> > CEO - H&T Technology Solutions
> >
> > khermansen@...technology.com
> >
> >
>
>
>
>
Yeah, that's exactly what I needed to know. I have about 5 email
accounts that I regulary check, but some SPAM came in this way and was
hard to determine which account it went to. By checking the received
header more carefully I was able to determine it. When the hell are we
going to have a new RFC that eliminates the possibility of SPAM and
makes it secure by default? Is it really that difficult?
Kris Hermansen
Powered by blists - more mailing lists