What is email envelope and email header
Email Envelope vs Email Header
To understand what the SPF and DKIM is, it is necessary to know the difference between
email envelope and
An email message is very similar to a physical letter that you would send in the mail. There is an envelope, with To/From information, and there is the actual letter on the inside, with it's own To/From information. The envelope to/from information is the real information that is used for message delivery, for both email servers and post offices.
When an envelope comes into a post office, they inspect the To address on the envelope, and send it to the correct destination. The post office workers have no knowledge of the letter inside the envelope. The letting inside could have completely different To/From information than the envelope says. The Envelope could say the message is to Bob, but the letter inside may say it's for Alice. Or in real world: The envelope could say the message is to SomeCompanyName, and when secretary open envelope, letter inside say, it's is for Mr. Brown which work in SomeCompanyName.
The same is true for emails. The envelope To/From is the most important information when delivering a message. If the envelope says the message is to email@example.com and firstname.lastname@example.org, then the message is sent to both, regardless of what the letter inside (the message header) says the message is To:.
The envelope headers are the MAIL FROM and RCPT TO parts of the SMTP conversation. The envelope sender is the MAIL FROM address, and the envelope recipients are the RCPT TO addresses.
Important points for email envelope and email header
- It is very esay to write fake/forged address in the mail from command in the smtp communication ( in the email envelope)
- It is very easy to write fake/forged address in the From: email header
- Both envelope sender together with email header sender can be faked
- The sender's email address in email header From: can be differrent from the envelope's mail from
Example of Sender Address Forgery
Look at lines 6,8,10 and 14-20
And what you see in your email client:
And here is raw email message:
Return-Path: <FakeEnvelopeSender@fakedomain.com> Delivered-To: <email@example.com> Received: from fakemailserver.com (localhost [127.0.0.1]) by mailserver.secar.cz (mail_locahost) with ESMTP id 44DxhQ58Jgz6tvJ for <firstname.lastname@example.org>; Wed, 6 Mar 2019 15:57:51 +0100 (CET) From: "Fake Sender" <FakeHeaderSender@fakedomain.com> To: "Real Recipient Name" <email@example.com> Subject: test fake sender message Message-Id: <44DxhQ58Jgz6tvJ@mailserver.secar.cz> Date: Wed, 6 Mar 2019 15:57:51 +0100 (CET) This is test meassage
Relationship whit DKIM and SPF