Email Envelope and Headers


Return-Path: < jj@jj.com>
X-Original-To: mailtest@capone.rutgers.edu
Delivered-To: mailtest@capone.rutgers.edu
Received: from node18.rutgers.edu (node18 [192.168.5.38])
        by capone.rutgers.edu (Postfix) with ESMTP id A291B2B15C
        for < mailtest@capone.rutgers.edu> Tue, 12 Apr 2005 22:23:53 -0400 (EDT)
Received: from me?here.com (unknown [192.168.5.250])
        by node18.rutgers.edu (Postfix) with SMTP id 4653B14112
        for < mailtest@capone.rutgers.edu> Tue, 12 Apr 2005 22:24:03 -0400 (EDT) 
To: some_guru@somewhere.com
From: pp@pp.com
Subject: Forged e-mail
Message-Id: <20050413022403.4653B14112@node18.rutgers.edu>
Date: Tue, 12 Apr 2005 22:24:03 -0400 (EDT)

Hey, 
The "To:" and "From:" are non-existent, but you still get the e-mail.
bye, bye
.
  • The envelope: Return-Path (forged in this case); who the message was sent and delivered to (mailtest@capone.rutgers.edu);
    all the transaction stages:
    originated on unknown host [192.168.5.250]
    --> relayed through node18.rutgers.edu, which is running a Postfix SMTP server; message id 4653B14112 can be used to track the e-mail in the log files on node18.rutgers.edu; the message was sent for mailtest@capone.rutgers.edu; Date/Time Tue, 12 Apr 2005 22:24:03
    --> received on capone.rutgers.edu, which is running Postfix, for mailtest@capone.rutgers.edu on Tue, 12 Apr 2005 22:23:53; ESMTP id A291B2B15C can be used to track the e-mail in the log files on capone.
  • The headers (what is usually displayed in e-mail programs): the "To" and "From" are forged here; Message-Id: <20050413022403.4653B14112@node18.rutgers.edu> tells that the message was received on Tue, 12 Apr 2005 22:24:03, from node18.rutgers.edu where the message ID is 4653B14112.
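The same reading of the envelope done in code, as an added example that is not part of the original page: it parses the Received lines of the message above into hops, oldest first, and compares the envelope fields with the displayed headers. The names `hops`, `findings` and `HOP` are assumptions, and the regular expression only covers the Postfix-style Received format shown here.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
# Headers of the message on this page that the checks use, copied as displayed.
# HOP below matches Postfix-style Received lines only (an assumption of this example).
RAW = """\
Return-Path: < jj@jj.com>
Delivered-To: mailtest@capone.rutgers.edu
Received: from node18.rutgers.edu (node18 [192.168.5.38])
        by capone.rutgers.edu (Postfix) with ESMTP id A291B2B15C
        for < mailtest@capone.rutgers.edu> Tue, 12 Apr 2005 22:23:53 -0400 (EDT)
Received: from me?here.com (unknown [192.168.5.250])
        by node18.rutgers.edu (Postfix) with SMTP id 4653B14112
        for < mailtest@capone.rutgers.edu> Tue, 12 Apr 2005 22:24:03 -0400 (EDT)
To: some_guru@somewhere.com
From: pp@pp.com
Message-Id: <20050413022403.4653B14112@node18.rutgers.edu>
"""
HOP = re.compile(r"from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[^\]]+)\]\) "
                 r"by (?P<by>\S+) \([^)]*\) with (?P<proto>\S+) id (?P<qid>\S+) "
                 r"for <\s*(?P<rcpt>[^>]+)>\s*;?\s*(?P<date>[^(]+)")

def hops(raw):
    """Received hops, oldest first (each server prepends its own header)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hop = m.groupdict()
            hop["when"] = parsedate_to_datetime(hop.pop("date").strip())
            out.append(hop)
    return out

def findings(raw):
    """Compare envelope data against the displayed headers and the hop chain."""
    msg, chain, notes = message_from_string(raw), hops(raw), []
    if chain and chain[0]["rdns"] == "unknown":
        notes.append(f"origin {chain[0]['ip']}: no reverse DNS, HELO {chain[0]['helo']!r} unverified")
    for prev, cur in zip(chain, chain[1:]):
        skew = (prev["when"] - cur["when"]).total_seconds()
        if skew > 0:  # a later hop stamped an earlier time than the hop before it
            notes.append(f"{cur['by']} stamped {skew:.0f}s before {prev['by']}: clock skew or edited header")
    if msg["Return-Path"].strip("<> ") != msg["From"]:
        notes.append("Return-Path (envelope sender) differs from From:")
    if msg["Delivered-To"] != msg["To"]:
        notes.append("Delivered-To (envelope recipient) differs from To:")
    return notes

if __name__ == "__main__":
    print(*hops(RAW), *findings(RAW), sep="\n")
```

On this message the chain also shows that capone's timestamp (22:23:53) is 10 seconds earlier than node18's (22:24:03), so timestamps from different hosts should be correlated with the queue ids in each server's logs rather than trusted for ordering.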