Email Misdirection
March 16, 2005 12:31 PM

I've received an e-mail addressed to someone else. How or why might this happen?

I own my own domain name and use the same hosting company for both web and e-mail. This morning I received an e-mail message addressed to someone else entirely. My email address and domain name appeared nowhere in the headers, as far as I can tell. The domain the rogue message was addressed to is hosted by the same commercial hosting company.

I know nothing about the technicalities of e-mail delivery, but I am curious about how such a mistake might happen.

This seems like a pretty fundamental screw-up to me and I can't help wondering if messages addressed to me might have gone elsewhere. E-mail reliability is very important to me. Obviously, I'm thinking about finding a new host. How worried should I be?

I've informed technical support at the hosting provider. They're currently "looking into it".
posted by normy to Computers & Internet (23 answers total)
 
It's possible that you (and perhaps others) were Bcc'ed on the message. That information is stripped from the header.
posted by vacapinta at 12:37 PM on March 16, 2005


Response by poster: No. Or, at least, it seems very, very unlikely. Good point, but the nature of the mail I received strongly suggests it was a one-to-one message.
posted by normy at 12:41 PM on March 16, 2005


Are you sure that this wasn't a spam and/or virus email? If at all it appears it's not a "real" email, then there's nothing to worry about because there are various ways to send emails to addresses without listing those addresses in the headers.
posted by skynxnex at 12:51 PM on March 16, 2005


I had a bug for a while in Eudora 5.0 where occasionally (like once every week or two) it would retrieve some random E-mail out of one of the mailboxes and send it to a random recipient. I know it wasn't a virus/malware as I'm a programmer and worked hard to keep that stuff off my system (AdAware updates, monitoring of system processes, etc). It looked like bad programming plus overfull mailboxes leading to some sort of overflow state. I got rid of Eudora and haven't had the problem since.
posted by rolypolyman at 1:01 PM on March 16, 2005


Response by poster: Are you sure that this wasn't a spam and/or virus email?

As sure as I can be. It was the first thought that occurred. I get my share of spam. But this jumped out at me because it looks like a completely legitimate message that would serve no purpose as spam. I've never had any communication with the parties involved, as far as I can tell, so see no reason why I would be in their address books, say. I've checked and they're not in mine. I run AdAware, Spybot, etc and (at least I like to think) I'm pretty conscientious about virus protection.
posted by normy at 1:09 PM on March 16, 2005


can you post the headers? even if you were bcc'ed there should be something there in the email *you* receive.

alternatively, if what you say is correct then it sounds very much like either buggy software or a very strange configuration of the mail router on your system (the header has to exist to get to your machine, but perhaps it was stripped during processing - there are rules in mail handlers to do things like that so that you can handle aliases and redirects).
posted by andrew cooke at 1:40 PM on March 16, 2005


I'm not real savvy with this kind of stuff, but it sounds to me like a very good way to harvest active email addresses.

The harvester would send you a BCC'd email that looks like it's intended for someone else. You reply to the email saying "this wasn't meant for me" - then they've got a real, active email to use in future spammings.
posted by soplerfo at 1:51 PM on March 16, 2005


It's still very possible it was spam to farm addresses. If your message bounces as undeliverable, your email address isn't worth much. If you reply, you're a confirmed spam target, probably worth even more than if your address just failed to bounce.
posted by Lyn Never at 1:54 PM on March 16, 2005


Check the message header and see if there is an envelope-to: line. This line basically determines who the message gets delivered to, regardless of what the to: says (this is how bcc works).

It is possible that the message was not meant for you and was delivered in to the wrong mailbox. The server that your domain is hosted on probably hosts many other domains as well. All of these domains will use the exact same software.

So, if an email comes in to the MTA (mail transfer agent) running on the server, the MTA looks at it and says, oh that is for youremail@yourdomain.com and then places it in the correct mailbox. Likewise, this same MTA will handle the email for all of the other domains hosted on the server. So it is possible it messed up which mailbox the mail should go to, but it seems very unlikely that it would only do it once.

More than likely, it is some sort of spam (on preview like soplerfo said) that is trying to verify email accounts to send real spam to.
posted by gus at 2:04 PM on March 16, 2005


Response by poster: I'm inclined to disagree with the farming theory. It's possible, of course. But would such an address harvester really go to the trouble of sending their bait message with a visible recipient hosted at the same place as the intended target? Or if it was a fluke, what's the probability of that?

I was tempted to post the headers, andrew, but I'm concerned about the privacy of innocent parties, to be honest. Wouldn't I have to remove a lot?
posted by normy at 2:05 PM on March 16, 2005


But would such an address harvester really go to the trouble of sending their bait message with a visible recipient hosted at the same place as the intended target?

I'm not sure it would be worth the effort of going through that many levels of deception. It might be though, if it keeps it from being caught by a spam filter.

Look at the header. If it has your email address (for instance, in the envelope-to: field), then it was meant to go to you. If your email address does not appear anywhere in the header, then your hosting company has their system messed up somehow.
posted by gus at 2:11 PM on March 16, 2005
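The check gus describes, as an added example that is not part of the thread: a receiving MTA usually records the envelope recipient somewhere in the headers it prepends (an Envelope-to:, Delivered-To: or X-Original-To: line, or a "for <address>" clause in its own Received: line; which one depends on the MTA, and none is guaranteed). This script scans those places with Python's standard email module. The two sample messages, and every address and hostname in them, are constructed for the example.

```python
# Added example (not part of the thread): inspect the headers a receiving MTA
# writes on the way in, which is where the envelope recipient survives, and
# triage a "mail addressed to someone else" message. Sample messages and the
# addresses/hostnames in them are constructed for this example.
import re
from email import message_from_string
from email.policy import default

# Headers various MTAs use to record the envelope (RCPT TO) recipient. Which
# one you see depends on the host's MTA; none of them is guaranteed to exist.
ENVELOPE_HEADERS = ("Envelope-to", "Delivered-To", "X-Original-To", "X-Envelope-To")
# The "for <addr>" clause an MTA may put in its own Received: line.
RECEIVED_FOR = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.IGNORECASE)

def envelope_recipients(raw):
    """Addresses the trace headers say this copy of the message was delivered to."""
    msg = message_from_string(raw, policy=default)
    found = set()
    for name in ENVELOPE_HEADERS:
        for value in msg.get_all(name, []):
            found.add(str(value).strip().strip("<>").lower())
    for value in msg.get_all("Received", []):
        m = RECEIVED_FOR.search(str(value))
        if m:
            found.add(m.group(1).lower())
    return found

def mentions(raw, needle):
    """True if an address or bare domain occurs anywhere in the header block."""
    msg = message_from_string(raw, policy=default)
    blob = "\n".join(f"{k}: {v}" for k, v in msg.items())
    return needle.lower() in blob.lower()

def classify(raw, my_address):
    """Coarse triage of a message whose To:/Cc: names someone else."""
    if my_address.lower() in envelope_recipients(raw):
        return "envelope-recipient"   # Bcc, alias or forward: the MTA meant to give it to you
    if mentions(raw, my_address.split("@", 1)[1]):
        return "domain-mentioned"     # your domain is in a Received: chain; look at that hop
    return "no-trace"                 # nothing names you: misdelivery, or trace headers stripped

# Constructed sample 1: a Bcc. To: names someone else, but the receiving MTA
# recorded the real envelope recipient in Received: and Delivered-To:.
BCC_SAMPLE = """\
Received: from mail.example.com (mail.example.com [192.0.2.10])
    by mx.hoster.example (Postfix) with ESMTP id 1A2B3C
    for <you@example.net>; Wed, 16 Mar 2005 09:00:00 -0500
Delivered-To: you@example.net
From: alice@example.com
To: bob@example.org
Subject: lunch

see you at noon
"""

# Constructed sample 2: the poster's situation. Every trace header says the
# copy was for bob, yet it landed in you@example.net's mailbox.
MISROUTED_SAMPLE = """\
Received: from mail.example.com (mail.example.com [192.0.2.10])
    by mx.hoster.example (Postfix) with ESMTP id 4D5E6F
    for <bob@example.org>; Wed, 16 Mar 2005 09:00:00 -0500
Delivered-To: bob@example.org
From: alice@example.com
To: bob@example.org
Subject: lunch

see you at noon
"""

if __name__ == "__main__":
    for label, raw in (("bcc", BCC_SAMPLE), ("misrouted", MISROUTED_SAMPLE)):
        print(label, envelope_recipients(raw), classify(raw, "you@example.net"))
```

Run it against the real message by replacing the samples with the text of View > Message Source. A "no-trace" verdict is the one that should worry you: it means the MTA's own bookkeeping says the copy was for someone else, which is neither a Bcc nor a forward.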


Response by poster: There is no envelope-to: line. At least, not in the headers I see when using View>Headers>All in Thunderbird.

Neither my address nor my domain name appear anywhere in the headers that I can see.
posted by normy at 2:14 PM on March 16, 2005


have you tried sending an email to the person it's addressed to? see if you receive that...
posted by andrew cooke at 2:32 PM on March 16, 2005


try opening up the email message with notepad and look at it as a text file; does your domain show up?
posted by Doohickie at 2:36 PM on March 16, 2005


Response by poster: try opening up the email message with notepad and look at it as a text file; does your domain show up?

No.
posted by normy at 2:58 PM on March 16, 2005


Imagine that your Post Office removed the envelopes from all mail before putting the contents of the mail in your mailbox. You wouldn't see the envelope that showed the true From and To which was used by the Post Office to determine where to deliver the letter. You would only see the contents of the letter, which was written by the sender and used only for display purposes. The sender can write "From: Jesus To: Santa" in this To field and this will have no effect on how their letter is delivered, since the Post Office only cares what's on the envelope which you don't get to see.

There is something often called a "Bcc", but there is no such thing as a "Bcc" header you can peek at in Notepad or "View Message Source". A "Bcc" is just someone who was specified as the recipient during the SMTP transaction between mail servers, but who is not listed in the message body itself. None of this points to problems with your ISP. If you know the sender, they may have used a "Bcc" feature in their mail client. Otherwise it's probably a virus or spam.
posted by Voivod at 4:34 PM on March 16, 2005


While I don't think this is likely, I'll throw out the possibility... The recipient could have set up a .forward file to forward all mail sent to them to your address. I don't think that would change the headers at all so it would look to you like you shouldn't have received the message.
posted by pwb503 at 5:29 PM on March 16, 2005


This happened to me. I own a domain and received an email that was obviously intended to be sent to a business (the email was about setting up tee times at a golf course). I emailed back the sender to find out who they were really trying to reach. After doing some legwork, I found out who the business used as a web hosting company and sent an email to them (since the company's email was obviously problematic.)

Appears there was some incorrect information listed in a "contact us" form they used on the company webpage. Someone had set the "mailto" incorrectly and it was coming to a nonexistent name at my domain. My domain name and the company name were not anywhere on the same planet of being close to each other, so I have no idea how that happened. After two days, I got an email from the web hosting company saying they had fixed the problem and the client was very appreciative of not losing any more business.

No spam or viruses sent my way as a result of this exchange, so I think perhaps your situation might be similar to mine.
posted by cyniczny at 5:51 PM on March 16, 2005


Another explanation: bouncing. HTML editors don't allow you to do this, but terminal email programs like Mutt do (apparently with mail.app you can do it with command+shift+E). I use such a program and can bounce a message to someone and it will appear exactly the same as it did to me, in that person's inbox. It's faster than forwarding since you don't have to open a new message; there's no record of the action; it just sends them an exact copy, attachments and all. I do it to my friends all the time and it perplexes them as well.
posted by scazza at 8:23 PM on March 16, 2005


sigh. bcc and bouncing and forwards will all put info in the header, otherwise the mail system wouldn't know where to send the frigging message, would it?
posted by andrew cooke at 6:47 AM on March 17, 2005


Nope, bouncing puts nothing in the header. It appears EXACTLY as it did to the sender. EXACTLY. If anyone would like a demonstration, just email me and I'll bounce it back to you.
posted by scazza at 9:26 AM on March 17, 2005


The headers have absolutely nothing to do with where the message goes.

The headers are for you and your software to look at and display. The actual destination is determined by the SMTP envelope. As an example, I could connect to the SMTP port of your mail server and write this:

HELO my.host.name
MAIL FROM:<fakesender@fakedomain.com>
RCPT TO:<realrecipient@realdomain.com>
DATA
From: Fake Sender <fakesender@fakedomain.com>
To: Fake Recipient <fakerecipient@fakedomain.com>
Subject: I need pez.

please send pez immediately.
.
QUIT

And your message headers would say that it was sent to 'fakerecipient', but it would be delivered only to 'realrecipient@realdomain.com'.

posted by mosch at 9:30 AM on March 17, 2005
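The transaction mosch types out, and Voivod's envelope-versus-letter point, as an added example that is not part of the thread: a toy in-memory MTA that accepts those SMTP lines and delivers strictly by RCPT TO, never by the To: header. It also shows the two things the toy cannot avoid doing that a real MTA does too: refusing to relay for domains it does not host, and prepending its own trace headers (Return-Path:, Delivered-To:) to each copy while leaving the header block the client sent untouched. A "bounce" in scazza's sense is the same mechanism from the client side: a fresh envelope wrapped around the stored header block. The hostnames and addresses are the placeholders from mosch's post, not real systems.

```python
# Added example (not part of the thread): a toy in-memory MTA that accepts the
# SMTP dialogue from the post above and delivers by envelope (RCPT TO) only.
# Hostnames and addresses are placeholders from the post, not real systems.
from email import message_from_string

def _addr(arg):
    """'FROM:<a@b>' or 'TO: a@b' -> 'a@b' (lenient, as most real MTAs are)."""
    return arg.split(":", 1)[1].strip().strip("<>").lower()

def run_session(commands, local_domains):
    """Feed client-side SMTP lines to the toy MTA.
    Returns (replies, mailboxes): one reply string per client command, and a
    dict mapping each envelope recipient to the raw copies it received."""
    replies, mailboxes = [], {}
    envelope_from, rcpts, data, in_data = None, [], [], False
    for line in commands:
        if in_data:
            if line == ".":
                # End of DATA: one copy per envelope recipient. Like Postfix, we
                # prepend trace headers; the header block the client sent is untouched.
                body = "\n".join(data) + "\n"
                for r in rcpts:
                    copy = f"Return-Path: <{envelope_from}>\nDelivered-To: {r}\n" + body
                    mailboxes.setdefault(r, []).append(copy)
                replies.append("250 OK: queued")
                envelope_from, rcpts, data, in_data = None, [], [], False
            else:
                data.append(line[1:] if line.startswith("..") else line)  # dot-unstuffing
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            replies.append("250 mx.realdomain.com")
        elif verb == "MAIL":
            envelope_from = _addr(arg)
            replies.append("250 OK")
        elif verb == "RCPT":
            addr = _addr(arg)
            if addr.split("@", 1)[1] in local_domains:
                rcpts.append(addr)
                replies.append("250 OK")
            else:
                replies.append("550 relay denied")  # refuse to relay for domains we don't host
        elif verb == "DATA":
            if rcpts:
                in_data = True
                replies.append("354 end data with <CRLF>.<CRLF>")
            else:
                replies.append("503 need RCPT first")
        elif verb == "QUIT":
            replies.append("221 bye")
        else:
            replies.append("500 unrecognised command")
    return replies, mailboxes

def header(raw, name):
    """Value of one header in a delivered copy, or None if absent."""
    return message_from_string(raw)[name]

# The dialogue from the post, as the client would send it (constructed).
SESSION = [
    "HELO my.host.name",
    "MAIL FROM:<fakesender@fakedomain.com>",
    "RCPT TO:<realrecipient@realdomain.com>",
    "DATA",
    "From: Fake Sender <fakesender@fakedomain.com>",
    "To: Fake Recipient <fakerecipient@fakedomain.com>",
    "Subject: I need pez.",
    "",
    "please send pez immediately.",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    replies, boxes = run_session(SESSION, {"realdomain.com"})
    for rcpt, copies in boxes.items():
        print(f"mailbox {rcpt}: To: header says {header(copies[0], 'To')!r}")
```

Adding a second RCPT TO line that the header block never names is exactly a Bcc: both mailboxes get byte-identical header blocks, and only the Delivered-To: line the MTA prepends tells each copy apart.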


rats. i was hoping to correct myself, but mosch has already done so. sorry - i was completely wrong. i found out via this article. sorry again.
posted by andrew cooke at 7:32 PM on March 17, 2005

