RE: spam question(OT)

  • From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 14 Jul 2005 11:54:30 -0700

Actually, it is on topic as an Exchange admin should know how SMTP
communications take place.

The header and body of an e-mail message are called DATA. The DATA must be
made up of certain information and formatted in a certain way. The
information displayed in your e-mail client is taken from the DATA. The DATA
portion can be anything as long as it meets the formatting requirements. So
I can have in the DATA from joeshomo to LimpyLucy and that is what your
e-mail client will display, but the servers do not use that information.

When an SMTP communication takes place, it goes something like this:
----------------------------------------------------------------------------
SMTP (984b036600001015) processing F:\Spool\Q984b036600001015.SMD
SMTP (984b036600001015) [x] looking up remotedomain.moc in HOSTS and MX
SMTP (984b036600001015) Trying remotedomain.moc (0)
SMTP (984b036600001015) [x] Connecting socket to service <SMTP> on host <remotedomain.moc> using protocol <tcp>
SMTP (984b036600001015) [x] using source IP for mail.serverdomain.moc [67.94.227.39]
SMTP (984b036600001015) Connect remotedomain.moc [65.54.167.5:25] (1)
SMTP (984b036600001015) 220 mc11-f14.remotedomain.moc Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Wed, 13 Jul 2005 15:40:17 -0700
SMTP (984b036600001015) >EHLO mail.serverdomain.moc
SMTP (984b036600001015) 250-mc11-f14.remotedomain.moc (3.0.1.19) Hello [67.94.227.39]
SMTP (984b036600001015) 250-SIZE 29696000
SMTP (984b036600001015) 250-PIPELINING
SMTP (984b036600001015) 250-8bitmime
SMTP (984b036600001015) 250-BINARYMIME
SMTP (984b036600001015) 250-CHUNKING
SMTP (984b036600001015) 250-AUTH LOGIN
SMTP (984b036600001015) 250-AUTH=LOGIN
SMTP (984b036600001015) 250 OK
----------------------------------------------------------------------------
The above part is called the handshake, where the sending server
communicates with the receiving server and they kind of tell each other what
commands are supported.
----------------------------------------------------------------------------
SMTP (984b036600001015) >MAIL FROM:<michele@xxxxxxxxxxxxxxx>
SMTP (984b036600001015) 250 michele@xxxxxxxxxxxxxxxxxxxxxxxxx OK
SMTP (984b036600001015) >RCPT To:<carlritzert@xxxxxxxxxxxxxxxx>
SMTP (984b036600001015) 250 carlritzert@xxxxxxxxxxxxxxxx
----------------------------------------------------------------------------
The above is where the sending e-mail server tells the receiving e-mail
server who the message is from and who it is going to. The > is the line
from the sending server and the 250 is the acknowledgement from the
receiving server.
----------------------------------------------------------------------------
SMTP (984b036600001015) >DATA
SMTP (984b036600001015) 354 Start mail input; end with <CRLF>.<CRLF>
SMTP (984b036600001015) >.
SMTP (984b036600001015) 250 <7C287DEAD127A347B3011892C041AC33E2C545@xxxxxxxxxxxxxxxxxxxx> Queued mail for delivery
----------------------------------------------------------------------------
The above is when the actual DATA is sent, the actual header and body of the
message.
----------------------------------------------------------------------------
SMTP (984b036600001015) rdeliver remotedomain.moc carlritzert@xxxxxxxxxxxxxxxx (1) <michele@xxxxxxxxxxxxxxx> 3774
SMTP (984b036600001015) >QUIT
SMTP (984b036600001015) 221 mc11-f14.remotedomain.moc Service closing transmission channel
SMTP (984b036600001015) [u] closing socket (u)
----------------------------------------------------------------------------
The above are the 2 servers saying so long it was nice talking to you.

John T
eServices For You
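
An added illustration of the envelope/DATA split described in the message above (not part of the original post and not any mail server's own code): it separates the MAIL FROM / RCPT TO envelope of a session from the From:/To: headers inside DATA and reports where they disagree. The session text, the example.* addresses and the function names are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed client side of one SMTP session (example domains, not the
# addresses from the log above). Envelope says joe; the To: header says bob.
SESSION = "\r\n".join([
    "MAIL FROM:<bulk@sender.example>",
    "RCPT TO:<joe@corp.example>",
    "DATA",
    "From: Friend <friend@elsewhere.example>",
    "To: bob@corp.example",
    "Subject: hello",
    "",
    "Body text",
    ".",
    "QUIT",
])

ENVELOPE_CMD = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def split_session(session):
    """Return (envelope_from, envelope_rcpts, data_text) for one session."""
    env_from, env_rcpts, data, in_data = None, [], [], False
    for line in session.split("\r\n"):
        if in_data:
            if line == ".":                      # <CRLF>.<CRLF> ends DATA
                in_data = False
            else:                                # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
        elif line.upper() == "DATA":
            in_data = True
        elif (m := ENVELOPE_CMD.match(line)):
            if m.group(1).upper() == "MAIL FROM":
                env_from = m.group(2).lower()
            else:
                env_rcpts.append(m.group(2).lower())
    return env_from, env_rcpts, "\n".join(data)

def compare_envelope_to_headers(session):
    env_from, env_rcpts, data = split_session(session)
    msg = message_from_string(data)              # headers + body from DATA only
    addrs = lambda *names: [a.lower() for n in names
                            for _, a in getaddresses(msg.get_all(n, []))]
    hdr_from, hdr_to = addrs("From"), addrs("To", "Cc")
    return {"envelope_from": env_from, "envelope_rcpts": env_rcpts,
            "header_from": hdr_from, "header_to": hdr_to,
            "from_mismatch": env_from not in hdr_from,
            "rcpts_not_in_headers": [r for r in env_rcpts if r not in hdr_to]}
```

Mailing-list and Bcc deliveries produce the same envelope/header mismatch, so a filter should treat this result as one signal among several rather than a verdict.
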

> -----Original Message-----
> From: Kern, Tom [mailto:tkern@xxxxxxxxxxx]
> Sent: Thursday, July 14, 2005 11:14 AM
> To: [ExchangeList]
> Subject: [exchangelist] spam question(OT)
> 
> http://www.MSExchange.org/
> 
> not really exchange related. i was wondering how spammers are able to forge
> the TO: header of an email so that you get the email even though it's not
> addressed to you.
> 
> like if i'm joe@xxxxxxxxxxxxxx, i get an email to my inbox addressed only to
> bob@xxxxxxxxxxxxxx or bob@xxxxxxxxxxxxxxxxxxx?
> is it that the envelope headers are addressed to me but the email TO: headers
> are changed?
> 
> Is this the same thing as when you get spam and the TO: headers say
> "undisclosed recipients"?
> 
> thanks
> 


