Email address sometimes not even close in spam. How?

I’m very aware of how to spot scam emails, as are the rest of the smart, good-looking members here. But there’s something I just can’t figure. Well, actually 2 as I’m thinking about it. (I’m specifically talking about GMail but I’m sure it’s the same for all servers.)

Foreword: I know this all involves spoofing. I’m sure it’s the same tech that shows a caller ID from my area code and prefix with someone on the other end who’s, in all honesty, not from my geographical location.

But I want to know how.

  1. Tapping the sender address, it’ll often have my username but the @ shows AOL, USAA, etc dot com. I don’t have any of those yet I still get them.

  2. The sender will often have dozens of characters from an @ address that is also followed by a bunch of characters not ending in ru, edu, or uk.

So how does this work? I’m really curious how something addressed to me at AOL ends up in Gmail.

Are you possibly just seeing the list of CC recipients?

The address that actually caused it to be delivered to you is hidden. All the sender has to do is include it as a “blind carbon copy” address.

No, I like checking those too. Yes, sometimes I get bored. Let me see if I can upload an example

The To: line in an email isn’t necessarily used by the underlying email system to deliver the mail. It can be totally fake. The internal protocol is something like this (from memory. abstracted. may not be 100% perfect)

The email server will take the email message and deliver it to with that fake To: header. To learn more about the spam email sent to you, view the original or source version of the email. In gmail, you’d click on the three dots on the right and then select “Show Original”. You’ll see a lot of the internal headers and see what address was used to send it to you.

An analogy would be like if you gave a letter to your mail carrier and told them to ignore the address that was written on the envelope and instead deliver it to some other person. The From and To parts of the envelope could be totally fake in that case. The mail carrier would know who to deliver it to.

Damnit, don’t know how, or if, I can post a screenshot.

You’ll need to host it somewhere online, such as Google Photos, and provide a link here.

Don’t know how to do that. Actually surprised I don’t but never had to before. Not important I guess.

As @filmore stated, the TO: line can be whatever the sender wants it to be. If you are using GMail on the web, a handy trick is to click the 3 dots to the right of the message and select “Show Original”; there you can see pretty much all info for the message. The “Delivered To” is the actual e-mail address to get the message. The “TO:” line can be made up and can in fact have no relation to the intended recipient. So someone could send you an e-mail with a “TO” line of T-REX at Jurassic Park,

Ok, but how about the “delivered to” that shows my username but a different domain? As in @AOL instead of @Gmail.

Might not have said that clearly. Delivered-to is the email address that gets the e-mail. It may not have been the original sent-to address. For example, all my e-mails are “Delivered-To” However, the email could have been sent to one of several different e-mail addresses since I forward outlook and aol to gmail. E-Mail addresses explained Try this site for more info. And look to the “Received:” tag. I believe that has the original sender server and e-mail to.

Emails, like normal mails, have an envelope and an actual message body. What causes a message to be routed to you is what’s written on the envelope; what you see as to/from is what’s written in the email header (information that’s in the mail itself, but usually not displayed by the client program you’re using). Here’s an explanation of this.

Your analogy would be more on point if it noted that this is even more like the post office’s existing practice of largely ignoring the address at the head of the printed letter in favor of the one on the envelope. In fact, in common system administration jargon, the two, possibly different, addresses are called “envelope-to” and “header-to,” where the first is what controls to whom the email is actually delivered and the second is what the email software usually shows to the recipient.

Are you talking about the sender (from) or the recipient (to)? You seem to be mixing up these terms.

No, the From line will be whatever gibberish they invent. It’s the To line that will show my user name, but then @aol sometimes. I’ve never in my life had an AOL account

The To line can be gibberish as well. The From and To fields are just for the convenience of the person reading the email. The computer servers don’t pay attention to those fields. The spammers may put your name in the To field so that you’re more likely to think it’s a real email.

To really get to the bottom of this, you need to look at the source of the email. Press the three dots on the right of the email and then do “Show Original”, like this:

Then you’ll get the internal text of the email with all the headers. You’ll see a bunch of computer-y stuff above the To and From fields. That’s all the internal communication the mail servers used to deliver the mail to you.

FYI, the To line is not the sender, it is the recipient. Your mixing of these terms made it harder to understand the question.

I don’t think he is mixing them up. I think what he is thinking is that the “To:” line should have his e-mail address. But it has some AOL variant in it. @duffer, what you need to realize is that the “To:” line is whatever the sender wants it to be. Now most e-mail applications won’t let you change it, but spammers don’t use e-mail applications, they write their own and can change the “To:” line to say whatever they want. As @filmore says, check all the lines above the To and From fields. Look for this line…

X-Apparently-To: me @ realdo main. com; Thu, 1 Jul 2021 15:28:45 +0000

As for why it’s even a thing that there’s a “To:” field in the message that’s separate from the “To:” field in the “envelope”, consider if you’re having your email forwarded from one account to another. You’d like to know (at least sometimes) what address it was originally sent to, and not have the autoforwarder only be able to tell you that it’s to the forwarded address. So when it copies the message with the “To:” field inside, it preserves the original target email address (assuming that it was right in the first place) while actually getting it to show up as mail in a different address’s inbox.

And if you want to know what (some of) that gibberish means, at least regarding the way the mail took to reach you, you can use a header analyzer to do so—just paste them in, and you’ll get a representation of the path the mail took to you, as well as a tabulation of some header elements. I took a mail from my junk-folder:

So there’s the ‘Return-Path’, which tells the mail-server where bounces (rejected mail) are sent to, the ‘From’-field, which is the sender’s address the mail-program will show the recipient, the ‘Reply-To’, which is where any answers to this mail will be sent, and finally, the ‘To’, which is the recipient address you’ll see in the mail-program, and the ‘Envelope-To’, which shows the mail address where the mail was actually delivered (i. e. my own address). So when I open this in a mail-program, I’ll be shown that it was sent to ‘’, which is not my address; but in fact, the reason it was delivered to me was my address included in the ‘Envelope-To’ field.
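Added example, not part of any post in this thread: a small Python header check that does by hand what the thread describes, comparing the recipient the mail servers recorded (`Delivered-To`, `Envelope-To`, the `for` clause of `Received`) with the `To:`/`Cc:` the mail program displays. The message, addresses and hosts are constructed placeholders, and `analyze` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample in the shape of a "Show Original" view.
# Every address and host below is a made-up placeholder.
RAW = """\
Delivered-To: user@inbox.example
Received: from mail.bulk.example (mail.bulk.example [203.0.113.7])
        by mx.inbox.example with ESMTP id abc123
        for <user@inbox.example>; Thu, 1 Jul 2021 15:28:45 +0000
Return-Path: <bounce-991@bulk.example>
From: "Account Services" <support@bank.example>
Reply-To: claims@other.example
To: user@aol.example
Subject: Action required

Body text.
"""

def _addrs(msg, name):
    """Lower-cased addresses from every occurrence of one header."""
    return {a.lower() for _, a in getaddresses(msg.get_all(name, [])) if a}

def _domain(addr):
    return addr.rpartition("@")[2]

def analyze(raw):
    msg = message_from_string(raw)
    shown_to = _addrs(msg, "To") | _addrs(msg, "Cc")   # what the client displays
    # Envelope recipient, as stamped into the headers by receiving servers.
    envelope_to = _addrs(msg, "Delivered-To") | _addrs(msg, "Envelope-To")
    for hop in msg.get_all("Received", []):
        m = re.search(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", hop)
        if m:
            envelope_to.add(m.group(1).lower())
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = _addrs(msg, "Reply-To")
    return {
        "shown_to": sorted(shown_to),
        "envelope_to": sorted(envelope_to),
        # True when no displayed recipient matches where it was delivered.
        "to_is_cosmetic": bool(envelope_to) and not (envelope_to & shown_to),
        # Hints only: legitimate bulk mail often differs here as well.
        "bounce_domain_differs": bool(return_path)
            and _domain(return_path) != _domain(from_addr),
        "reply_to_differs": bool(reply_to) and from_addr not in reply_to,
    }

if __name__ == "__main__":
    print(analyze(RAW))
```

A `To:` that shares nothing with the recorded envelope recipient is also what an ordinary Bcc or a forwarded mailbox looks like, so the flag shows that the displayed address is cosmetic, not that the mail is spam.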