Thursday, November 22, 2012, 16:24
Solution ID: 00000189
Can you give me more information on e-mail and how spammers do what they do?
It's important to have a clear understanding of what e-mail is, or more specifically how it is structured. The concepts referred to in this section will be used throughout this document. Many of the idiosyncrasies of spam result directly from the structure of an e-mail. This is also the starting point for the development of the many anti-spam tests used by PerfectMail™.
E-mail is actually composed of two main elements: the envelope and the data section. The data section is further divided into the e-mail header and the e-mail body (the message), which may include several alternative formats, embedded images and other elements, as well as e-mail attachments.
If we focus on the two main elements, the envelope and the data section, you can think of an e-mail like a conventional written letter.
The envelope contains addressing and delivery information. Your e-mail server uses the envelope to decide how an e-mail should be forwarded or delivered. It ignores the actual message.
When you view an e-mail using your mail app (e.g. Microsoft Outlook™), you are seeing the data section, comprising the header and the actual message; the envelope has been stripped away. Think of a receptionist who has taken the letters out of their envelopes, put the letters on your desk and discarded the envelopes.
Spammers make use of the inconsistency between the envelope and the header to try to sidestep spam filters. They do many things to push the boundaries of what is acceptable in e-mail. This is why you can receive e-mails that look like they were addressed to someone else, or to no one at all. In fact, you can put any e-mail address in the header!
So why don't we just block this sort of e-mail? Unfortunately, many legitimate e-mail clients also push the boundaries of what is acceptable in e-mail and the spammers take advantage of these issues. Also, this technique is commonly used by distribution lists and newsletters. You may often see text such as "undisclosed-recipients". This technique is so widely used that we cannot block these sorts of messages.
(PerfectMail™ adds a score for mismatches between the e-mail envelope and message headers, but this alone is not enough to reject a message.)
The envelope is used, and only used, for message delivery, just like a written letter.
The e-mail header is made up of what we like to think of as the delivery information: the From, To, Subject, Date, etc. But this simply is not the case. The delivery information is contained in the envelope, which has been discarded. The header information is simply information displayed as a courtesy to the recipient.
The information in the envelope and the information in the header are completely unrelated! For legitimate messages the header will contain the original delivery information, but this is simply not something that is enforced.
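To make the envelope/header split concrete, here is an added example (not PerfectMail's code) that separates the envelope commands of a constructed SMTP session from its data section and lists where the header disagrees with the envelope. The session, the addresses and the finding names are all made up for illustration; as noted above, such findings are signals to score, not grounds for rejection on their own.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed client side of an SMTP session; every address is made up.
SAMPLE_SESSION = """\
HELO mailer.example.net
MAIL FROM:<bounce-7731@bulk.example.net>
RCPT TO:<alice@example.org>
DATA
From: "Example Bank" <support@bank.example.com>
To: undisclosed-recipients:;
Subject: Account notice

Please review your account.
.
QUIT
"""

def split_session(session):
    """Return (envelope sender, envelope recipients, data section)."""
    sender, rcpts, data, in_data = None, [], [], False
    for line in session.splitlines():
        if in_data:
            if line == ".":                      # a lone dot ends DATA
                in_data = False
            else:                                # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith("..") else line)
            continue
        addr = re.search(r"<([^>]*)>", line)
        if line.upper().startswith("MAIL FROM:") and addr:
            sender = addr.group(1).lower()
        elif line.upper().startswith("RCPT TO:") and addr:
            rcpts.append(addr.group(1).lower())
        elif line.upper() == "DATA":
            in_data = True
    return sender, rcpts, "\n".join(data)

def envelope_header_mismatches(session):
    """List the ways the header disagrees with the envelope (signals, not verdicts)."""
    sender, rcpts, data = split_session(session)
    msg = message_from_string(data)
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    hdr_rcpts = {a.lower() for _, a in
                 getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])) if a}
    findings = []
    if hdr_from != sender:
        findings.append("from_mismatch")         # header From differs from MAIL FROM
    if any(r not in hdr_rcpts for r in rcpts):
        findings.append("rcpt_not_in_headers")   # delivered to someone the header never names
    return findings
```

Running `envelope_header_mismatches(SAMPLE_SESSION)` reports both findings, even though the mail server would deliver this message to alice@example.org without ever looking at the header.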
Tags: e-mail, spam, antispam, theory, headers, envelope, spoofing, from, to
Updated: Thursday, November 22, 2012, 16:24
-- David Rutherford