Possible Duplicate:
How can email possibly be routed to the right place with no to: address?
I've seen this quite a few times now. I will receive an email at a domain that I manage ([email protected]) from an @yahoo.com account but the To header has an email at some entirely unrelated domain name! The DKIM signature contains the To header and they pass validation. How can this be?
Example:
Return-Path: <[email protected]>
Received: from nm8.bullet.mail.ukl.yahoo.com (nm8.bullet.mail.ukl.yahoo.com [217.146.182.249]) by mx.example.com with SMTP;
Mon, 19 Nov 2012 16:38:59 -0500
Received: from [217.12.10.106] by nm8.bullet.mail.ukl.yahoo.com with NNFMP; 19 Nov 2012 21:38:56 -0000
Received: from [217.146.183.128] by tm20.bullet.mail.ukl.yahoo.com with NNFMP; 19 Nov 2012 21:38:40 -0000
Received: from [127.0.0.1] by smtp113.mail.ukl.yahoo.com with NNFMP; 19 Nov 2012 21:38:40 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1353361120; bh=uCWr2zakkKwpxVn224ejIuEu24fxI7P+IKguxaa4T50=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Message-ID:Date:From:Subject:To:Content-Type:X-Mailer; b=O6...(shortened)
X-Yahoo-Newman-Id: [email protected]
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 7YH8p9Y...(shortened)
Received: from uxprj ([email protected] with login)
by smtp113.mail.ukl.yahoo.com with SMTP; 19 Nov 2012 13:38:40 -0800 PST
Message-ID: <[email protected]>
Date: Mon, 19 Nov 2012 15:38:40 -0600
From: "[email protected]" <[email protected]>
Subject: You have (1) new ecard!
To: [email protected]
Content-Type: text/plain; charset=UTF-8
X-Mailer: Opera/6.05 (Windows 2000; U) [fi]
Click here to read it now! http://bit.ly/TMCHTA
To clarify: The above is an actual email that was sent to [email protected] even though the To header shows an sbcglobal.net address.
Perhaps if I understand how the spammers are doing this I can prevent it on my server. If it matters, my server is running SmarterMail 10.x.
The correct answer would be "read the RFC", but an easier to remember version would be "that's exactly how mailing lists work". You send an email "to" the mailing list, and then it gets delivered to all subscribers. None of the subscribers are in the To, Cc, or Bcc lines.
If I send you a letter, DKIM just confirms that I sent it and it wasn't tampered with.
The To header in the body of the email specifies who the body of the letter was written to, not who it was sent to. If I write a letter to Jack and send a copy to you, the To header should read Jack. The letter is to Jack, you're just receiving a copy. Think of the To header as specifying the person the sender claims the letter was originally addressed to.
The To: header is usually the same as the addresses of at least one of the recipients. Header addresses are like the contents of a letter. A letter can be addressed to anyone or no one, but it has no impact on who the mail is actually delivered to. The letter is placed in an envelope and the envelope is addressed to someone. Delivery depends on what is on the outside of the envelope, not the contents of the envelope.
Email delivery works like a letter. The headers and contents of the message are treated like a letter, and are ignored when it comes to delivery. The delivery mechanism relies on a separate set of addresses known as the envelope addresses. Delivery will be attempted to any destination addresses specified on the envelope.
For most software, the addresses specified as To: or CC: will be the recipients and will be written to the headers. Additional BCC: addresses will be added to the envelope, but not written to the headers. Programs which generate email may not follow this behaviour.
Spambots (programs sending Spam) often have a fixed message which is sent out to a long list of recipients. This is one type of software which will generate the kind of email you received. There are legitimate cases which lead to the behavior you are seeing:
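
Added example, not part of the original answers: a Python check a receiving server could run, comparing the envelope recipient (the RCPT TO value, passed in here as the hypothetical `envelope_rcpt` argument) with the To/Cc headers and reading the DKIM `h=` tag to show that the signature covers the To header but never the envelope. The sample message and all addresses are constructed placeholders, and the signature is only parsed, not cryptographically verified.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not the message from the question); addresses are placeholders.
SAMPLE = """\
Return-Path: <sender@example.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1;
 h=Message-ID:Date:From:Subject:To:Content-Type; bh=PLACEHOLDER; b=PLACEHOLDER
Message-ID: <1@example.org>
Date: Mon, 19 Nov 2012 15:38:40 -0600
From: "Sender" <sender@example.org>
Subject: You have (1) new ecard!
To: someone@unrelated.example.net
Content-Type: text/plain; charset=UTF-8

Click here to read it now!
"""

def dkim_signed_headers(msg):
    """Return the lower-cased header names listed in the DKIM h= tag."""
    sig = msg.get("DKIM-Signature", "")
    tags = {}
    for part in sig.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return [h.lower() for h in tags.get("h", "").split(":") if h]

def header_recipients(msg):
    """Addresses the message claims to be written to (To and Cc headers)."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def analyze(raw_message, envelope_rcpt):
    """Compare the SMTP envelope recipient (RCPT TO) with the header recipients."""
    msg = message_from_string(raw_message)
    return {
        "to_header_signed": "to" in dkim_signed_headers(msg),
        "envelope_rcpt_in_headers": envelope_rcpt.lower() in header_recipients(msg),
    }

if __name__ == "__main__":
    # envelope_rcpt is what the receiving server saw in RCPT TO; it is not in the message.
    print(analyze(SAMPLE, "me@example.com"))
```

A mismatch is not proof of spam on its own, since mailing lists and Bcc produce the same result, so treat it as one scoring signal rather than a reject rule.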