RE: spam question(OT)

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 14 Jul 2005 11:54:30 -0700

Actually, it is on topic as an Exchange admin should know how SMTP
communications take place.

The header and body of an e-mail message are called DATA. The DATA must be
made up of certain information and formatted in a certain way. The
information displayed in your e-mail client is taken from the DATA. The DATA
portion can be anything as long as it meets the formatting requirements. So
I can have in the DATA from joeshomo to LimpyLucy and that is what your
e-mail client will display but the servers do not use that information.

When an SMTP communication takes place, it goes something like this:
SMTP (984b036600001015) processing F:\Spool\Q984b036600001015.SMD
SMTP (984b036600001015) [x] looking up remotedomain.moc in HOSTS and MX
SMTP (984b036600001015) Trying remotedomain.moc (0)
SMTP (984b036600001015) [x] Connecting socket to service <SMTP> on host
<remotedomain.moc> using protocol <tcp>
SMTP (984b036600001015) [x] using source IP for mail.serverdomain.moc
SMTP (984b036600001015) Connect remotedomain.moc [] (1)
SMTP (984b036600001015) 220 mc11-f14.remotedomain.moc Sending unsolicited
commercial or bulk e-mail to Microsoft's computer network is prohibited.
Other restrictions are found at
Violations will result in use of equipment located in California and other
states. Wed, 13 Jul 2005 15:40:17 -0700
SMTP (984b036600001015) >EHLO mail.serverdomain.moc
SMTP (984b036600001015) 250-mc11-f14.remotedomain.moc ( Hello
SMTP (984b036600001015) 250-SIZE 29696000
SMTP (984b036600001015) 250-PIPELINING
SMTP (984b036600001015) 250-8bitmime
SMTP (984b036600001015) 250-BINARYMIME
SMTP (984b036600001015) 250-CHUNKING
SMTP (984b036600001015) 250-AUTH LOGIN
SMTP (984b036600001015) 250-AUTH=LOGIN
SMTP (984b036600001015) 250 OK
The above part is called the hand shake, where the sending server
communicates with the receiving server and they kind of tell each other what
commands are supported.
SMTP (984b036600001015) >MAIL FROM:<michele@xxxxxxxxxxxxxxx>
SMTP (984b036600001015) 250 michele@xxxxxxxxxxxxxxxxxxxxxxxxx OK
SMTP (984b036600001015) >RCPT To:<carlritzert@xxxxxxxxxxxxxxxx>
SMTP (984b036600001015) 250 carlritzert@xxxxxxxxxxxxxxxx
The above is where the sending e-mail server tells the receiving e-mail
server who the message is from and who it is going to. The > is the line
from the sending server and the 250 is the acknowledgement from the
receiving server.
SMTP (984b036600001015) >DATA
SMTP (984b036600001015) 354 Start mail input; end with <CRLF>.<CRLF>
SMTP (984b036600001015) >.
SMTP (984b036600001015) 250
<7C287DEAD127A347B3011892C041AC33E2C545@xxxxxxxxxxxxxxxxxxxx> Queued mail
for delivery
The above is when the actual DATA is sent, the actual header and body of the
SMTP (984b036600001015) rdeliver remotedomain.moc
carlritzert@xxxxxxxxxxxxxxxx (1) <michele@xxxxxxxxxxxxxxx> 3774
SMTP (984b036600001015) >QUIT
SMTP (984b036600001015) 221 mc11-f14.remotedomain.moc Service closing
transmission channel
SMTP (984b036600001015) [u] closing socket (u)
The above are the 2 servers saying so long it was nice talking to you.

John T
eServices For You

> -----Original Message-----
> From: Kern, Tom [mailto:tkern@xxxxxxxxxxx]
> Sent: Thursday, July 14, 2005 11:14 AM
> To: [ExchangeList]
> Subject: [exchangelist] spam question(OT)
> not really exchange related. i was wondering how spammers are able to forge the TO:
> header of an email so that you get the email even though it's not addressed to you.
> like if i'm joe@xxxxxxxxxxxxxx, i get an email to my inbox addressed only
> bob@xxxxxxxxxxxxxx or bob@xxxxxxxxxxxxxxxxxxx?
> is it that the envelope headers are addressed to me but the email TO: headers are
> changed?
> Is this the same thing as when you get spam and the TO: headers say
> "undisclosed recipients"?
> thanks
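
Added example, not part of either post above: a small Python check that separates the envelope (MAIL FROM / RCPT TO) from the headers inside DATA and reports where they disagree, which is the mismatch the question asks about. The sample session, its example.* addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample session; every address is a placeholder.
SAMPLE_SESSION = """\
EHLO mail.example.net
MAIL FROM:<bulk@example.net>
RCPT TO:<joe@example.com>
DATA
From: "Support" <support@example.org>
To: bob@example.com
Subject: hello

Body text.
.
QUIT
"""

def split_session(session):
    """Return (envelope_from, envelope_rcpts, message_text) from client-side SMTP lines."""
    env_from, rcpts, data, in_data = None, [], [], False
    for line in session.splitlines():
        if in_data:
            if line == ".":  # a lone dot ends the DATA section
                in_data = False
            else:  # undo dot-stuffing on lines that began with a dot
                data.append(line[1:] if line.startswith(".") else line)
        elif m := re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.I):
            env_from = m.group(1).lower()
        elif m := re.match(r"RCPT TO:\s*<([^>]*)>", line, re.I):
            rcpts.append(m.group(1).lower())
        elif line.upper() == "DATA":
            in_data = True
    return env_from, rcpts, "\n".join(data)

def compare(session):
    """Report where the envelope and the headers shown to the user disagree."""
    env_from, rcpts, text = split_session(session)
    msg = message_from_string(text)
    shown_from = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    shown_to = [a.lower() for _, a in getaddresses(
        msg.get_all("To", []) + msg.get_all("Cc", []))]
    return {
        "from_mismatch": env_from not in shown_from,
        "rcpts_not_in_headers": [r for r in rcpts if r not in shown_to],
    }

if __name__ == "__main__":
    print(compare(SAMPLE_SESSION))
```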