Since November 2022 I've received several suspicious emails in mailbox. This is unusual for Gmail (I think that Gmail has best spam/virus filter ever). Therefore, I decide to investigate what is it.
Let's investigate the latest (08.01.2023).
Showing posts with label email. Show all posts
Showing posts with label email. Show all posts
15 January 2023
08 July 2018
Exchange 2016: Issue of breaking email address in angle brackets
Recently noticed the unusual behavior (an issue) of Microsoft Exchange 2016 when displaying email addresses.
If in the body of an email (Content/Header section) specify an email address (From, To or Cc headers) twice, where the second time is in angle brackets, the address will be broken. The part of the address after the first character @ moves to the address in brackets, thereby preventing the possibility of an answer to this email.
I assume that the function that should extract the correct email addresses from the headers does not work correctly.
If in the body of an email (Content/Header section) specify an email address (From, To or Cc headers) twice, where the second time is in angle brackets, the address will be broken. The part of the address after the first character @ moves to the address in brackets, thereby preventing the possibility of an answer to this email.
I assume that the function that should extract the correct email addresses from the headers does not work correctly.
Several tests
| Original email address (that used while sending) | The final email address (OWA, Outlook) |
| administrator@test.local <administrator@test.local> | "administrator@" <test.local administrator@test.local> |
| administrator@_ <administrator@test.local> | administrator@ <_ administrator@test.local> |
| administrator@domain<administrator@test.local> | administrator@ <domainadministrator@test.local> |
| administrator@><administrator@test.local> | <administrator@> |
| <administrator@><administrator@test.local> | <administrator@> |
| <@administrator@><administrator@test.local> | <@administrator@><administrator@test.local> |
| administrator@<administrator@test.local> | <administrator@> |
| <script>@><administrator@test.local> | <script> |
| administrator@test.local@ <administrator@test.local> | "administrator@" <test.local@administrator@test.local> |
12 July 2017
Brief of email anti-spoofing technologies: SPF, DKIM, DMARC, SIDF, DK, ADSP
For a few years unhurriedly I have been discovering features to protect emails from spoofing. Here I briefly collect information about all current standards, their functionality
and an example with one main domain and two subdomains. It is not a complete
guide, please read the RFCs and special guides for each standard.
Standards
Acronym |
Definition |
Official website |
RFC |
IETF Status |
Short description |
SPF |
Sender Policy Framework |
Standards Track RFC |
Defines who (which servers) could send emails from domain and what to do with “bad” emails. Works with «RFC5321.MailFrom» and «HELO» identities. |
||
DKIM |
Domain Keys Identified Message |
Standards Track RFC |
Sign an email by private key to identify the sender. |
||
DMARC |
Domain-based Message Authentication, Reporting, and Conformance |
Informational RFC, Working Group |
The policy that unites the SPF and DKIM to define what should do receivers with «bad» emails. |
||
SIDF |
Sender ID Framework |
Experimental (2006) |
Analog SPF, but works with «RFC5321.MailFrom» and «RFC5322.From». |
||
ADSP |
Author Domain Signing Practices |
- |
Historic (2014) |
Extension to DKIM allowing domain owner to specify whether or not they signed all outgoing mail. |
|
DK |
DomainKeys |
Historic |
Analog of DKIM. This standard was superseded by DKIM (RFC4871). |
09 July 2017
Email: Eliminate confusion between the concepts of «MAIL FROM» and «From»
Looking through various articles I was confused by different names of From-headers of email. Now I want to put all aliases of FROM and TO headers into one table.
First of
all it is necessary to understand that email consists of two parts: «envelope» and «content». Quotation from RFC5322:
«In the context of electronic mail, messages
are viewed as having an envelope and contents. The envelope contains whatever
information is needed to accomplish transmission and delivery. (See [RFC5321]
for a discussion of the envelope.) The
contents comprise the object to be delivered to the recipient. This specification applies only to the format
and some of the semantics of message contents.
It contains no specification of the information in the envelope.»
Each of parts contains its own FROM and TO headers/fields. In fact, there are many other
headers (sender, cc, bcc and etc.), I will not consider them all, so read the
RFC.
A content
part consists of two sections: «header»
and «body». Quotation from RFC5321:
«The SMTP content is sent in the SMTP DATA
protocol unit and has two parts: the header section and the body. If the
content conforms to other contemporary standards, the header section consists
of a collection of header fields, each consisting of a header name, a colon,
and data, structured as in the message format specification (RFC 5322 [4]); the
body, if structured, is defined according to MIME (RFC 2045 [21]).»
Subscribe to:
Posts (Atom)