José Borges Ferreira By José Borges Ferreira • September 14, 2017

Email security basics: The multiple senders of a message


Nowadays, we send and receive emails every day without having any idea what is going on "under the hood".


Although electronic, email has some resemblance to traditional postal delivery. The most important thing to keep in mind is that both have the following characteristics:

  • An envelope with sender and recipient;
  • A message with header and text.

AnubisNetworks_1.png
Like traditional mail, the envelope sender (Envelope From) and recipient (Envelope To) are used by the e-mail servers to know where and to whom to deliver the message. Other details in the message address the reader. The message contains a header that indicates the date, subject, sender, recipient, and others.

Email reading applications (MUA-also known as Mail User Agent), such as Outlook or Thunderbird, use the header and message data to display the message in a more readable way, as well as making the search for details faster.


Thus, the example message above would appear like this:

AnubisNetworks_2.png 

Notice that the "To" is replaced by the name we have indicated in our configuration.

Regulations mandate that the format of the headers (RFC 5322) allows to have a more readable part we can send the following email:

AnubisNetworks_3.png

Which results as follows:

AnubisNetworks_4.png

Following this process, we can make further adjustments to deceive the system.

For example:

AnubisNetworks_5.pngAnubisNetworks_6.png

This email was sent from the  address jose@gmail.com, but the header contains another address ("Jose Borges Ferreira" <jose@borgesferreira.pt>). So, the name that is visible is:

AnubisNetworks_7.png

The norms that regulate the email have been evolving in order to allow a great flexibility and to facilitate the way we read the messages, however there are some disadvantages.

Based on the example above, we can already perceive that the different envelope and header address can be used to fool a recipient into thinking that the email is coming from someone else.

In the next post about email security, we will see how these fields are used in authentication mechanisms and authorization of emails as well as how they are abused in order to circumvent some of these processes.

Free Trial

Author: José Borges Ferreira

Email Security Expert at AnubisNetworks. José is the email security expert that is always seeking and research for new features to help companies to protect against advanced cyber threats. With an extensive experience of email security, specifically dealing with high volume email processing and anti-spam/anti-fraud techniques, he’s responsible for all the innovation at the AnubisNetworks email security solutions.

Find me on: