Spam header question


#1

I don’t want to paste the header here, but I’m looking at an email sent to a client named “Jane”. Jane has an email address set up at jane@domainname.com.

In the headers, it looks like the message was sent to jAne@knife.dreamhost.com. I don’t see domainname.com anywhere in the headers. Did this spam just go to any user named “Jane” on knife.dreamhost.com? Or is her real email address somehow hidden so that I can’t see it in the header?


#2

The latter. When a message is sent, the recipient is specified separately. The “To” header does not necessarily reflect the recipient.

However the “To” header may be modified when the message is being delivered. You see, “Jane” is not an e-mail address. So to make it an e-mail address, a hostname needs to be added, thus you’ll get “To: Jane@hostname” if the message headers were originally “To: Jane”. Sometimes you’ll even get spam addressed as “To: Buy@hostname, Our@hostname, Crap@hostname” because of this.

:cool: Perl / MySQL / HTML+CSS


#3

Often when my address doesn’t show up in the To: field, it’s because the sender put it in the Bcc: field, which doesn’t show up in the headers.

-Scott