Security Basics mailing list archives
Spoof the TO field in emails
From: <sf_mail_sbm () yahoo com>
Date: 1 Dec 2004 11:40:41 -0000
Hi List, Just got an incident today where a user reports to have received a mails sent to another person The mail is a phishing attempt TECHNICALS: ----------- 'UserA' got the mail 'UserB' was in the 'TO' field HEADER: ------- Received: from mydomain1(xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) by mydomain2with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id X340ZH77; Wed, 1 Dec 2004 06:51:01 +0400 Received: from SPAM-Domain- yyy.yyy.yyy.yyy by mydomain1 with Microsoft SMTPSVC(5.5.1774.114.11); FCC: mailbox://supprefnum1816646952075 () wamu com/Sent From: Washington Mutual, Inc <supprefnum1816646952075 () wamu com> X-Accept-Language: en-us, en To: UserB .... ======================================= As can be seen from the above, the mail is being sent to 'UserB' How come 'UserA' got the mail? I know about spoofing the FROM field, but as far as I know the TO field is not spoofed May be the header was manipulated, but the IP address in the RECEIVED part are OK Is it a problem with my mail servers (you can see that Exchange is being used :) ? Or is it a technique used by spammers? Your views will be greatly appreciated Thanks to all Ronish
Current thread:
- Spoof the TO field in emails sf_mail_sbm (Dec 01)
- Re: Spoof the TO field in emails Satish Matta (Dec 01)
- Re: Spoof the TO field in emails Alexander Klimov (Dec 01)
- Re: Spoof the TO field in emails Alex 'CAVE' Cernat (Dec 01)
- Re: Spoof the TO field in emails Ansgar -59cobalt- Wiechers (Dec 02)
- <Possible follow-ups>
- Re:Spoof the TO field in emails Ghaith Nasrawi (Dec 01)
- Re: Spoof the TO field in emails Robert Mezzone (Dec 03)