Actually, You can skip all the 822 fields and most hosts will allow you to specify the from as anything. Some may require a valid domain, but it does not need to be your own. The only giveaway might be the return-path in the header. In this case the TO will match the 821 rcpt to.
telnet <mailserver> 25 helo FakeServer.com mail from: <[EMAIL PROTECTED]> rcpt to: <[EMAIL PROTECTED]> data test message quit -----Original Message----- From: Exchange Discussions [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 12:54 PM Subject: RE: How is this possible ? In the header, all fields are optional, except that one of the three "to" fields (to, cc, and bcc) has to have something in it. It does not matter which one. Delivery can occur if the correct address is in any of the three, NOT JUST THE "TO" FIELD. Of the three, mail readers only display two. BCC is not displayed. In fact, you can use a telnet utility to directly craft a header any way you want it, including leaving the from field blank of plugging in someone else's address. Nothing in the RFCs prevent this. Not many applications do this deliberately, but you can see how an anonymous mail host works - yes? So, if the "to" field has a different address and the "cc" field is blank, where was the address that caused delivery? -----Original Message----- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 9:35 AM Subject: RE: How is this possible ? Or RFC2821/2822. I've read them several times and I still don't understand the foundation technology. Can't we wipe it clean and start over? -----Original Message----- From: Ed Crowley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 8:44 AM To: Exchange Discussions Subject: RE: How is this possible ? I keep telling y'all to read RFCs 821 and 822. This all becomes a lot clearer when you understand the foundation technology. Ed Crowley MCSE+Internet MVP kcCC+I Tech Consultant Compaq Computer Corporation Protecting the world from PSTs and Bricked Backups! -----Original Message----- From: [EMAIL PROTECTED] Sent: Wednesday, February 27, 2002 7:42 AM To: Exchange Discussions Subject: How is this possible ? I have a user who received an email where the TO: field showed a 'bellatlantic.net' email address (which he claims he doesn't own). However, the email showed up on our Exchange server in his Exchange mailbox (on his 'aim.org' email address) How is this possible ? _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]