Whitelist Problem -- explanation of To: versus recipient

Julian Field mailscanner at ecs.soton.ac.uk
Tue Aug 13 08:53:34 IST 2002


At 03:31 13/08/2002, you wrote:
>Is it possible for someone to illustrate the difference between the
>"envelope sender address" versus the "From" header?
>
>Maybe grab a full email header, paste it into a reply to the list, and
>point out which is which?

The point is that the "envelope sender address" doesn't normally end up in
the headers at all.

>  This seems like a recurring question and now
>I'm even beginning to question my own understanding of it. It might even
>be a good item for the FAQ. If I was convinced I understood it, I would
>write it myself :)

This looks a bit long, but it's all very simple to understand. Really :)

Imagine a physical letter in the post to you. If they have written it
nicely, the piece of paper in the envelope will have your (the recipient)
address written on it. But the piece of paper is folded up and put in an
envelope, which is made of paper so you can't see through it. Your address
is written on the outside of the envelope too.

The mail "Post Office" (US Postal Service, Royal Mail, Federal Express,
etc) delivers the letter to your mailbox. But the last thing it does before
it drops it in your mailbox is that it kindly takes the letter out of the
envelope for you and throws the envelope in the trash.

What you have now is the original letter, complete with your address
written on it.

But the version of your address on the letter you take from your mailbox is
nothing whatsoever to do with the address used to actually deliver it to
you. The (thrown away) address on the outside of the envelope is what was
used to deliver it to you.

In theory the copy of the address on the letter doesn't even need to be
your address. Absolutely anything would do, as it isn't used to deliver it
to you anyway. The only address that matters is the one on the outside of
the envelope (which was thrown away for you by the "Post Office").

It's exactly the same with e-mail, except that the "Post Office" is
sendmail, Exim, postfix, etc.

The same explanation applies to the return address written on the outside
of the envelope. All the Post Office checks is that it is a valid address.
If the letter couldn't be delivered to you, the Post Office tries to send
it back to the return (From) address on the outside of the envelope. The
Post Office won't actually open your letter as that is not allowed (not in
many countries, anyway). If the return address on the envelope is someone
else's address (i.e. not the address of the person who originally sent you
the letter), then the Post Office will still deliver it to them, and they
will be quite surprised to receive back a letter they never sent in the
first place. This is what the Klez worm does.

If you want to send a letter back to the person who sent it, nothing on the
letter inside the envelope can be trusted (as explained above). And you
can't even trust the return address written on the outside of the envelope,
even if somehow you managed to get the envelope off the postwoman (also
explained above). The only indication you have is what franking marks the
Post Office added (as these tend to indicate the town it came from). These
franking marks are the "Received:" headers.

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
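
An illustration of the envelope/header split described in the message above, as an added example that is not part of the original post. The SMTP dialogue, the example.* addresses and the function names are all constructed for illustration; the point is that a recipient whitelist matched against the To: header gives a different answer from one matched against the envelope.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed SMTP client dialogue; every address is a placeholder.
SESSION = """\
MAIL FROM:<bounces@example.net>
RCPT TO:<alice@example.org>
RCPT TO:<bob@example.org>
DATA
Received: from mail.example.net by mx.example.org; Tue, 13 Aug 2002 08:50:00 +0100
From: "Newsletter" <news@example.com>
To: undisclosed-list@example.com
Subject: Hello

Body text.
.
QUIT
"""

def split_session(session):
    """Return (envelope_sender, envelope_recipients, parsed_message)."""
    lines = session.splitlines()
    data_at = lines.index("DATA")      # envelope commands come before DATA
    end_at = lines.index(".", data_at)  # a lone dot ends the message
    sender, rcpts = None, []
    for line in lines[:data_at]:
        m = re.match(r"(MAIL FROM|RCPT TO):<([^>]*)>", line, re.I)
        if m and m.group(1).upper() == "MAIL FROM":
            sender = m.group(2)         # the "return address on the envelope"
        elif m:
            rcpts.append(m.group(2))    # what delivery actually uses
    msg = message_from_string("\n".join(lines[data_at + 1:end_at]) + "\n")
    return sender, rcpts, msg

def header_addrs(msg, name):
    """Addresses written on the 'letter' itself (From:, To:, ...)."""
    return [addr.lower() for _, addr in getaddresses(msg.get_all(name, []))]

def whitelisted(whitelist, envelope_rcpts, msg):
    """Check a recipient whitelist against the envelope and against To:."""
    wl = {a.lower() for a in whitelist}
    return {
        "by_envelope": any(r.lower() in wl for r in envelope_rcpts),
        "by_to_header": any(a in wl for a in header_addrs(msg, "To")),
    }

if __name__ == "__main__":
    sender, rcpts, msg = split_session(SESSION)
    print(sender, rcpts, header_addrs(msg, "From"), msg.get_all("Received"))
    print(whitelisted(["alice@example.org"], rcpts, msg))
```
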


