Nowadays, we send and receive emails every day without having any idea what is going on "under the hood".
Although electronic, email has some resemblance to traditional postal delivery. The most important thing to keep in mind is that both have the following characteristics:
An envelope with sender and recipient;
A message with header and text.
Like traditional mail, the envelope sender (Envelope From) and recipient (Envelope To) are used by the e-mail servers to know where and to whom to deliver the message. Other details in the message address the reader. The message contains a header that indicates the date, subject, sender, recipient, and others.
Email reading applications (MUA-also known as Mail User Agent), such as Outlook or Thunderbird, use the header and message data to display the message in a more readable way, as well as making the search for details faster.
Thus, the example message above would appear like this:
Notice that the "To" is replaced by the name we have indicated in our configuration.
Regulations mandate that the format of the headers (RFC 5322) allows to have a more readable part we can send the following email:
Which results as follows:
Following this process, we can make further adjustments to deceive the system.
This email was sent from the address firstname.lastname@example.org, but the header contains another address ("Jose Borges Ferreira" <email@example.com>). So, the name that is visible is:
The norms that regulate the email have been evolving in order to allow a great flexibility and to facilitate the way we read the messages, however there are some disadvantages.
Based on the example above, we can already perceive that the different envelope and header address can be used to fool a recipient into thinking that the email is coming from someone else.
In the next post about email security, we will see how these fields are used in authentication mechanisms and authorization of emails as well as how they are abused in order to circumvent some of these processes.