Both the envelope from (MAIL FROM:<reverse-path>) and header from (From: originator) can be anything the sending SMTP client wants. Anything not added by a trusted server is suspect. The only trustworthy data are received header fields added by trusted servers. SMTP servers set such header fields as original-mail-from with data from the reverse path, which may have been spoofed.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

________________________________________
From: IBM Mainframe Discussion List [[email protected]] on behalf of Tom Brennan [[email protected]]
Sent: Thursday, February 18, 2021 4:41 PM
To: [email protected]
Subject: Re: XMITIP and ANTI SPOOF message

On 2/18/2021 12:15 PM, Jeremy Nicoll wrote:
> On Thu, 18 Feb 2021, at 18:30, Seymour J Metz wrote:
>>> SMTP is inherently insecure
>
>> OTOH, the envelope ... fields can be trivially spoofed
>
> For the recipient of an email, the SMTP envelope data is stripped off
> by the receiving system's SMTP server, then - often - placed inside
> the email in a header whose format depends on the mail system
> concerned. For example I see X-Delivered-To: headers in some of
> my mail.
>
> How would someone spoof that, unless they had access to my
> mail hosting company's servers?

... or coded their own SMTP relay program, which I did a few years ago for an older Windows program that would only send mail out on port 25 and could not be altered. Hard to find an open port 25 on any public ISP these days.

But maybe Seymour is talking about the MAIL FROM: envelope item, which can easily be spoofed. In fact, on my relay I needed to fake that field purposely or my home ISP wouldn't accept the outgoing email from my relay.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
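
Added example, not part of the thread: one way a receiving site can apply the rule that only Received fields written by its own servers are trustworthy, by walking the chain from the newest field down and stopping at the hop where the mail entered. The host names, addresses, Postfix-style field layout and sample message are all assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumption: names and addresses of the MTAs this site operates itself.
TRUSTED_MTAS = {"mx1.example.net": "198.51.100.5",
                "store.example.net": "198.51.100.6"}

BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)
# HELO name, then the peer address the receiving server recorded in [brackets].
PEER_RE = re.compile(r"^from\s+(\S+)\s+\([^)]*\[([0-9a-fA-F.:]+)\]\)", re.I)

def trust_boundary(raw, trusted=TRUSTED_MTAS):
    """Return (trusted_hops, helo, peer_ip) for the hop where mail entered our MTAs.

    Received fields are prepended, so the newest comes first. Everything
    below the boundary hop was supplied by the sender and is not returned.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(str(value).split())       # normalise folding
        by, peer = BY_RE.search(value), PEER_RE.search(value)
        if not by or by.group(1).lower() not in trusted or not peer:
            break                                  # not written by our servers
        hops.append(value)
        helo, ip = peer.group(1), peer.group(2)
        if ip not in trusted.values():
            # First peer that is not ours. The HELO name is client-supplied;
            # only the recorded address comes from our own server.
            return hops, helo, ip
    return hops, None, None

# Constructed sample: the third Received field was inserted by the sender and
# claims to be from mx1.example.net, but it sits below the real boundary hop.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [198.51.100.5]) by store.example.net (Postfix) with ESMTP id 2B; Thu, 18 Feb 2021 21:41:07 +0000
Received: from mail.bank.example (unknown [203.0.113.77]) by mx1.example.net (Postfix) with ESMTP id 1A; Thu, 18 Feb 2021 21:41:05 +0000
Received: from core.bank.example (core.bank.example [192.0.2.10]) by mx1.example.net (Postfix) with ESMTP id 0Z; Thu, 18 Feb 2021 21:40:00 +0000
From: "Bank Support" <support@bank.example>
To: user@example.net
Subject: constructed sample

body
"""

if __name__ == "__main__":
    hops, helo, ip = trust_boundary(SAMPLE)
    print(f"{len(hops)} trusted hop(s); entered from {ip} (HELO {helo})")
```

Stopping at the first non-local peer is what keeps the forged third field out of the result, even though its "by" clause names a trusted host.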
