
Re: Email tutorial?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Apr 25, 2018 at 10:05:41PM -0500, David Wright wrote:
> On Thu 26 Apr 2018 at 09:03:58 (+0900), John Crawley (johnraff) wrote:
> > On 2018-04-25 14:25, tomas@tuxteam.de wrote:
> > >>https://help.yahoo.com/kb/SLN24016.html
> > >>My email account recently bounced some messages from this list for
> > >>that reason.
> > >Are mails from this list "marked as from a yahoo address"? I strongly
> > >doubt that. FWIW, I see them coming from "lists.debian.org", as they
> > >should...
> > 
> > Not here. For example, your mail appears to me, on Thunderbird, as being
> > From: tomas@tuxteam.de
> > and
> > To: debian-user@lists.debian.org
> 
> Yes, the message came from tomas, but the email you received came from
> the list server. There will be a header at the top of your email
> that's being hidden from you:

Right. There's a "From" field at the very top, without a colon. In David's
message I'm responding to right now, I see:

  From bounce-debian-user=tomas=tuxteam.de@lists.debian.org Thu Apr 26 05:06:37 2018

right at the top of the headers. This is added by your receiving
MTA and is thus *the* one piece of information which is most
reliable -- it's your MTA's account of where (it thinks) the mail
has come from. There are (in my case) a couple of other headers
(at the top, too) added by my MTA.

  Return-path: <bounce-debian-user=tomas=tuxteam.de@lists.debian.org>
  Envelope-to: tomas@tuxteam.de
  Delivery-date: Thu, 26 Apr 2018 05:06:37 +0200

"Return-path:" was mentioned by David. This is extracted from info
derived from the SMTP delivery session (the "MAIL FROM") and specifies
where to bounce this mail to, should it not be deliverable (in this case
the mailing list software has set it to an address which will trigger
disabling my subscription if they receive too many bounces, meaning my
mailbox is dead or my mail admin has kicked me out of my little paradise).

"Envelope-to:" is also derived from the SMTP session (the RCPT TO).
This may be identical with the "To:" field, but depending on what
local setup you have (e.g. locally you have set up to forward all
mails to "postmaster" to your "admin" account, or you have different
aliases to give out to potential spammers to control spam) they
may differ.

"Delivery-date:" well, my MTA is Exim ;-) (cf. a recent thread here)

Those headers will be different in your copy of the above mail: after
all your MTA is (AFAIK) another one.

What is this SMTP session I keep talking about? That's when two
MTAs talk to each other to pass on one (or more) mails. To see an
example in action, see e.g. [1].

The rest of the headers are left as an exercise to the reader :-)

Now go read your mail headers. They are interesting, believe me!

Note that they *all* can be spoofed: apply judgement and common
sense.

Cheers

[1] https://en.wikipedia.org/wiki/SMTP#SMTP_transport_example
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlrhY60ACgkQBcgs9XrR2kZIqwCdH2/woRaDQoP5dsViwwXIHaSK
JJ8AniepLu6QIBp8YIYayvEZbjD/Pnz6
=0nue
-----END PGP SIGNATURE-----
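
The envelope-versus-header comparison described in the message above, as an added example that is not part of the original message. The envelope lines are the ones quoted there; the `From:` address, subject and body are constructed, and the `bounce-<list>=<local>=<domain>` layout is an assumption read off the quoted address.

```python
import email
from email.utils import parseaddr

# Envelope lines are the ones quoted in the message above; the From: address,
# Subject: and body are constructed for this example.
RAW = """\
From bounce-debian-user=tomas=tuxteam.de@lists.debian.org Thu Apr 26 05:06:37 2018
Return-path: <bounce-debian-user=tomas=tuxteam.de@lists.debian.org>
Envelope-to: tomas@tuxteam.de
Delivery-date: Thu, 26 Apr 2018 05:06:37 +0200
From: List Member <member@example.org>
To: debian-user@lists.debian.org
Subject: Re: Email tutorial?

(constructed body)
"""

def decode_bounce(addr):
    """Split bounce-<list>=<local>=<domain>@<host>; layout assumed from the address above."""
    local, _, host = addr.rpartition("@")
    if not local.startswith("bounce-"):
        return None
    parts = local[len("bounce-"):].split("=")
    if len(parts) < 3:
        return None
    # The subscriber's local part may itself contain '=', so only the ends are fixed.
    return {"list": parts[0], "host": host,
            "subscriber": "=".join(parts[1:-1]) + "@" + parts[-1]}

def envelope_report(raw):
    msg = email.message_from_string(raw)
    unixfrom = msg.get_unixfrom()           # the colon-less "From " line, if present
    addr = lambda name: parseaddr(msg.get(name, ""))[1].lower()
    report = {
        "mbox_from": unixfrom.split()[1] if unixfrom else None,
        "return_path": addr("Return-path"),   # from SMTP MAIL FROM
        "envelope_to": addr("Envelope-to"),   # from SMTP RCPT TO
        "header_from": addr("From"),          # what the mail client displays
        "header_to": addr("To"),
    }
    # A mismatch is normal for list mail; it shows which hop handed the mail over.
    report["sender_differs"] = report["return_path"] != report["header_from"]
    report["recipient_differs"] = report["envelope_to"] != report["header_to"]
    report["bounce"] = decode_bounce(report["return_path"])
    return report

if __name__ == "__main__":
    for key, value in envelope_report(RAW).items():
        print(f"{key:18} {value}")
```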

