What is email envelope and email header

What is email envelope and email header

Email Envelope vs Email Header


To understand what the SPF and DKIM is, it is necessary to know the difference between email envelope and email header.

An email message is very similar to a physical letter that you would send in the mail. There is an envelope, with To/From information, and there is the actual letter on the inside, with it’s own To/From information. The envelope to/from information is the real information that is used for message delivery, for both email servers and post offices.

When an envelope comes into a post office, they inspect the To address on the envelope, and send it to the correct destination. The post office workers have no knowledge of the letter inside the envelope. The letting inside could have completely different To/From information than the envelope says. The Envelope could say the message is to Bob, but the letter inside may say it’s for Alice. Or in real world: The envelope could say the message is to SomeCompanyName, and when secretary open envelope, letter inside say, it’s is for Mr. Brown which work in SomeCompanyName.

email envelope with email header and body email envelope with email header and body

The same is true for emails. The envelope To/From is the most important information when delivering a message. If the envelope says the message is to joe@domain.com and mary@domain.com, then the message is sent to both, regardless of what the letter inside (the message header) says the message is To:.

The envelope headers are the MAIL FROM and RCPT TO parts of the SMTP conversation. The envelope sender is the MAIL FROM address, and the envelope recipients are the RCPT TO addresses.

smtp content with envelope header smtp content with envelope header

Mail SMTP Routing
SMTP routing between mail transfer agents (MTA’s) is based exclusively on the envelope header

After recipient mailserver delivers the email to the recipient’s mailbox (recipient is always email address in envelope header) is email envelope discarded with one important exception. Mostly, recipient mailserver writes sender email address from email envelope to the email header as Return-Path.

Important points for email envelope and email header


  • It is very esay to write fake/forged address in the mail from command in the smtp communication ( in the email envelope)

  • It is very easy to write fake/forged address in the From: email header

  • Both envelope sender together with email header sender can be faked

  • The sender’s email address in email header From: can be differrent from the envelope’s mail from

Example of Sender Address Forgery


telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mailserver.secar.cz ESMTP
ehlo fakemailserver.com                                 # Here start email envelope	
250-mailserver.secar.cz
mail from: <FakeEnvelopeSender@fakedomain.com>          # Fake envelope sender
250 2.1.0 Ok
rcpt to: <manak@secar.cz>                               # Real recipient in mail routing
250 2.1.5 Ok
data                                                    # Here end email envelope and start email header
354 End data with <CR><LF>.<CR><LF>			
From: "Fake Sender" <FakeHeaderSender@fakedomain.com>   # Fake email header sender                 
To: "Real Recipient Name" <manak@secar.cz>              # email header recipient (what you see in your email client)                
Subject: test fake sender message                       # email header subject

This is test meassage                                   # After one empty line email header end and start email body

.
250 2.0.0 Ok: queued as 44DxhQ58Jgz6tvJ
quit                                                    # We end the smtp communication with recipient mailserver
221 2.0.0 Bye
Connection closed by foreign host.                      # tcp connection is closed

And what you see in your email client:

email header From: you see in your email client email header From: you see in your email client

And here is raw email message:

Return-Path: <FakeEnvelopeSender@fakedomain.com>
Delivered-To: <manak@secar.cz>
Received: from fakemailserver.com (localhost [127.0.0.1])
	by mailserver.secar.cz (mail_locahost) with ESMTP id 44DxhQ58Jgz6tvJ
	for <manak@secar.cz>; Wed,  6 Mar 2019 15:57:51 +0100 (CET)
From: "Fake Sender" <FakeHeaderSender@fakedomain.com>                 
To: "Real Recipient Name" <manak@secar.cz>                
Subject: test fake sender message 
Message-Id: <44DxhQ58Jgz6tvJ@mailserver.secar.cz>
Date: Wed,  6 Mar 2019 15:57:51 +0100 (CET)

This is test meassage

Relationship whit DKIM and SPF


  • SPF is mechanism to control and check sender’s envelope. SPF work on email envelope level.

  • DKIM is mechanism to control and check email header From: address.