[Dshield] Spam Trek - The Next Generation

Coxe, John B. JOHN.B.COXE at saic.com
Fri Jun 7 20:11:42 GMT 2002


Two RFCs (and their updates) are relevant for smtp: rfc821 and rfc822.
rfc822 is what your client (MUA) uses to display header information and
determine where to send replies, whether to send receipts, treat as high
priority or confidential, ...  It should be maintained by successive MTAs
that handle the message, adding "Received:" headers most notably.

The RFC, rfc821, governs the smtp transport.  When one MTA is sending mail
to another, it sends "RCPT TO:" commands for each recipient that MTA should
handle.  A "Smart Host" will get all recipients.  Otherwise, typically
widgets.com will only get the ones for their domain.  This way bcc:
recipients are still blind to all but the MX MTA for their domains.  They do
not get written to the rfc822 header at all.  In fact, that header is
entirely optional.  Some MTAs have been known to insert the rfc ("MAIL
FROM:") originator in the rfc822 "To:" if it is absent.  But the fact that
the fields are optional and really not policed by the MTAs, as they are not
used for transport, they can never be trusted.  Kiddies used to love to say
they were president at whitehouse.gov.  (Of course, most servers will even
accept that in the transport "MAIL FROM:" as virtual domains have made some
auth schemes a pain if you turn on some options.)

<RANT SOAPBOX_LEVEL="high">
Another note that some people, especially M$ bashers, might find amusing or
disturbing is the lack of regard for the RFC in MicroS**t's Outlook Web
Access (OWA) product.  If a user receives a message and replies there, it
completely disregards any "Reply-To:" header and always replies to the
"From:" address.  The way I found it was on this list actually.  I replied
to one of Johannes' posts a while back, assuming it would go back to the
whole list as it should and does from my aleph0 or my desktop saic MUAs.
Didn't work that way.  Tested it myself and found it to be their way of
operating.  Contacting M$, they acknowledge that it works this way and there
are no plans to change that.  And they wonder why they still occasionally
fail to impress knowledgeable people that they are world-class,
enterprise-level, professional solutions to everything.
</RANT>

-----Original Message-----
From: David Sentelle [mailto:David.Sentelle at cnbcbank.com]
Sent: Friday, June 07, 2002 9:34 AM
To: list at dshield.org
Subject: [Dshield] Spam Trek - The Next Generation

<snip>

My question is how can I get email that doesn't have my email address in the
full header?

TIA & good weekend to all-






----------------------------------------
David Sentelle
Network Operations Specialist
Commerce National Bank
614.334.6282 Voice    614.848.8830 Fax


This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to which 
they are addressed. If you have received this e-mail in error, 
please notify admin at cnbcbank.com and delete it from your system.
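
Added example, not part of either message in this thread: a short Python sketch of the envelope/header split described in the reply above, showing how a message can be delivered to an address that appears nowhere in its headers. The session transcript, all addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: the RFC 821 commands one MTA sent to another,
# followed by the RFC 822 message carried after DATA.
SESSION = """\
HELO mail.example.net
MAIL FROM:<bulk@example.net>
RCPT TO:<dave@widgets.example>
DATA
From: "President" <president@whitehouse.example>
To: undisclosed@lists.example
Subject: hello

body text
.
QUIT
"""

def split_session(session):
    """Return (envelope_sender, envelope_recipients, rfc822_text)."""
    commands, _, rest = session.partition("\nDATA\n")
    # The message ends at the line holding a single dot
    # (dot-stuffing is not handled in this small sample).
    message = rest.split("\n.\n", 1)[0]
    sender = re.search(r"^MAIL FROM:<([^>]*)>", commands, re.I | re.M)
    rcpts = re.findall(r"^RCPT TO:<([^>]*)>", commands, re.I | re.M)
    return (sender.group(1).lower() if sender else None,
            [r.lower() for r in rcpts], message)

def compare(session):
    """Contrast transport-level addresses with what the headers claim."""
    env_from, env_rcpts, text = split_session(session)
    msg = message_from_string(text)
    hdr_rcpts = {a.lower() for _, a in
                 getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    hdr_from = {a.lower() for _, a in getaddresses(msg.get_all("From", []))}
    return {
        "envelope_from": env_from,
        "header_from": sorted(hdr_from),
        # Delivered via RCPT TO but named nowhere in To:/Cc:
        "blind_recipients": [r for r in env_rcpts if r not in hdr_rcpts],
        "from_mismatch": env_from not in hdr_from,
    }

if __name__ == "__main__":
    for key, value in compare(SESSION).items():
        print(f"{key}: {value}")
```

Only the receiving MTA sees the RCPT TO values; a "Received: ... for <address>" line, where the MTA adds one, is often the only trace of them in the stored message.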
