How is an Email assembled for output?


To understand how an email is assembled, look at how a mail server handles it. The server queues an outgoing message in two parts: one part is the actual message itself, and the other part is what is added to it. Take the following message as an example.

------------------------------------------
To: Test1@domain2.com
From: administrator@domain1.com
Subject:
Cc:
Bcc: Test2@domain2.com
Attached:

This is just a test!
------------------------------------------


This message from the client is stored in the queue by the server as:
------------ PART 1 -----------------
V2
T1040400355
K1040400358
N1
P60397
I0/0/0
MDeferred: Connection refused by domain2.com.
Fb
$rSMTP
$suser1
$_ppp6.domain1.com [192.168.1.6] (may be forged)
S[administrator@domain.com]
RPFD:[Test1@domain2.com]
RPFD:[Test2@domain2.com]
H?P?Return-Path: [administrator@domain1.com]
HReceived: from user1 (ppp6.domain1.com [192.168.1.6] (may be forged))
by server1.domain1.com (Build 98 8.9.3/NT-8.9.3) with SMTP id JAA08768;
Fri, 20 Dec 2002 09:05:55 -0700
H?x?Full-Name: Tempory Account
HMessage-Id: [3.0.6.32.20021220090536.00832430@mail.domain1.com]
HX-Sender: administrator@mail.domain1.com (Unverified)
HX-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
HDate: Fri, 20 Dec 2002 09:05:36 -0700
HTo: Test1@domain2.com
HFrom: administrator@domain1.com
HSubject: Test Message
HMime-Version: 1.0
HContent-Type: text/plain; charset="us-ascii"
.

------------ PART 2 -----------------
This is just a test!

-------------------------------------


So how is this information used to send an email?

For each address line (preceded by RPFD: above), the server creates a message by taking the body (Part 2), placing a single blank line above it, and topping that with a header consisting of all the lines starting with "H" from Part 1.

------------ Message 1 -----------------
From [administrator@domain1.com] Fri Dec 20 09:05:39 2002
Received: from user1 (ppp6.domain1.com [192.168.1.6] (may be forged))
by server1.domain1.com (Build 98 8.9.3/NT-8.9.3) with SMTP id JAA08768;
Fri, 20 Dec 2002 09:05:55 -0700
Message-Id: [3.0.6.32.20021220090536.00832430@mail.domain1.com]
X-Sender: administrator@mail.domain1.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Fri, 20 Dec 2002 09:05:36 -0700
To: Test1@domain2.com
From: administrator@domain1.com
Subject: Test Message
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

This is just a test!
-------------------------------------

With the exception of the "Received: from" line, the local time that the email was sent, and the server-generated Message ID, the rest of the information was supplied by the sender. The mail server has no way of verifying that information, including the date on the email.

The second message is configured as a Blind Carbon Copy (Bcc:), and would look much the same as the first.

------------ Message 2 -----------------
From [administrator@domain1.com] Fri Dec 20 09:05:39 2002
Received: from user1 (ppp6.domain1.com [192.168.1.6] (may be forged))
by server1.domain1.com (Build 98 8.9.3/NT-8.9.3) with SMTP id JAA08768;
Fri, 20 Dec 2002 09:05:55 -0700
Message-Id: [3.0.6.32.20021220090536.00832430@mail.domain1.com]
X-Sender: administrator@mail.domain1.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Fri, 20 Dec 2002 09:05:36 -0700
To: Test2@domain2.com
From: administrator@domain1.com
Subject: Test Message
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

This is just a test!
-------------------------------------

So why is there false information in many Spam emails?

Keep in mind that spam engines are not legitimate servers, and they can essentially put anything they want on top of the body, including false transport information. What can't be easily fudged is the information that is added by a legitimate MTA (Mail Transport Authority) as the email makes its way from server to server.
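
One way to act on this is to compare the sender-supplied Date: header with the timestamp in the topmost Received: line, which the receiving server stamps itself. The following is an added example, not part of the original page; the function names and the one-hour tolerance are assumptions, and the sample is a shortened copy of Message 1 with the folded Received: line indented.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: Message 1 from this page, shortened, with the
# continuation lines of the Received: header indented.
SAMPLE = """\
Received: from user1 (ppp6.domain1.com [192.168.1.6] (may be forged))
\tby server1.domain1.com (Build 98 8.9.3/NT-8.9.3) with SMTP id JAA08768;
\tFri, 20 Dec 2002 09:05:55 -0700
Date: Fri, 20 Dec 2002 09:05:36 -0700
To: Test1@domain2.com
From: administrator@domain1.com
Subject: Test Message

This is just a test!
"""

# Constructed variant: same server stamp, but the client claims an older date.
BACKDATED = SAMPLE.replace("Date: Fri, 20 Dec 2002", "Date: Mon, 02 Dec 2002")


def date_skew_seconds(raw):
    """Return (Date - top Received stamp) in seconds, or None if unusable."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    if not received or msg["Date"] is None:
        return None
    # The newest hop is on top; its timestamp follows the last ';'.
    stamp = received[0].rpartition(";")[2].strip()
    try:
        claimed = parsedate_to_datetime(msg["Date"])   # supplied by the sender
        stamped = parsedate_to_datetime(stamp)         # added by the server
        return (claimed - stamped).total_seconds()
    except (TypeError, ValueError):
        return None  # unparsable date, or naive/aware mismatch


def is_suspicious(raw, tolerance=3600):
    """Flag a missing or unparsable Date, or one far from the server stamp.

    tolerance (seconds) is an assumed threshold, not a value from the page.
    """
    skew = date_skew_seconds(raw)
    return skew is None or abs(skew) > tolerance
```

Only the topmost Received: line is compared because it is the one written by the server that accepted the message; lines below it may themselves have been supplied by the sender.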
