Email security basics: The multiple senders of a message

José Ferreira By José Ferreira • September 14, 2017

Nowadays, we send and receive emails every day without having any idea what is going on "under the hood".


Although electronic, email has some resemblance to traditional postal delivery. The most important thing to keep in mind is that both have the following characteristics:

  • An envelope with sender and recipient;
  • A message with header and text.

AnubisNetworks_1.png
Like traditional mail, the envelope sender (Envelope From) and recipient (Envelope To) are used by the e-mail servers to know where and to whom to deliver the message. Other details in the message address the reader. The message contains a header that indicates the date, subject, sender, recipient, and others.

Email reading applications (MUA-also known as Mail User Agent), such as Outlook or Thunderbird, use the header and message data to display the message in a more readable way, as well as making the search for details faster.


Thus, the example message above would appear like this:

AnubisNetworks_2.png 

Notice that the "To" is replaced by the name we have indicated in our configuration.

Regulations mandate that the format of the headers (RFC 5322) allows to have a more readable part we can send the following email:

AnubisNetworks_3.png

Which results as follows:

AnubisNetworks_4.png

Following this process, we can make further adjustments to deceive the system.

For example:

AnubisNetworks_5.pngAnubisNetworks_6.png

This email was sent from the  address jose@gmail.com, but the header contains another address ("Jose Borges Ferreira" <jose@borgesferreira.pt>). So, the name that is visible is:

AnubisNetworks_7.png

The norms that regulate the email have been evolving in order to allow a great flexibility and to facilitate the way we read the messages, however there are some disadvantages.

Based on the example above, we can already perceive that the different envelope and header address can be used to fool a recipient into thinking that the email is coming from someone else.

In the next post about email security, we will see how these fields are used in authentication mechanisms and authorization of emails as well as how they are abused in order to circumvent some of these processes.

Free Trial Mail Protection System
Return to Blog Index

Recent Posts

Subscribe to Email Updates
Get instant notifications of new posts

Posts by Topic

see all

Copy of Logo2019_Anubis_Mailspike_original_200px 
All our solutions
Resources
anubisnetworks
Other resources

m3aawg logoBarras_branco RIPE-NCC-MemberBarras_brancoImage-3Barras_brancoVBSpamBarras_brancoISO_9001Barras_brancoPT2020