Recently we are creating an application for interpreting email contents, this application shall give us the TO addresses, CC addresses and BCC addresses.
When handling BCC field, we found it seems not able to get BCC addresses directly. Referring to RFC2822, MORE QUESTIONS arise.
" There are three ways in which the "Bcc:" field is used.
In the first case, when a message containing a "Bcc:" field
is prepared to be sent, the "Bcc:" line is removed even
though all of the recipients (including those specified
in the "Bcc:" field) are sent a copy of the message...
Finally, since a "Bcc:" field may contain no addresses, a
"Bcc:" field can be sent without any addresses indicating
to the recipients that blind copies were sent to someone. "
Suppose an email is sent out as below adddresses
To: to1#address.com
cc: cc1#address.com
bcc: bcc1#address.com
My questions are, when the recipient bcc1#address.com received its email, will there a "bcc1#address.com" in the email source file? If yes, then what field it is placed? If not, then how is it possible for this email to the recipient when there is no any information about the "bcc1#address.com"??
[update]
how can the email server know whose mailbox to deliver this email to, if the email message contains no information about the BCC recipient's email address, including the header part? how a server correctly forwards such an email?
The content of an email does not necessarily contain any information about its recipients. During message transport, this information is carried in the message envelope, which is then discarded on delivery.
What you are pursuing cannot be done reliably (although many person-to-person messages obviously contain the information in the headers).
Many mailing list messages are good examples, especially those which are delivered to multiple recipients in the same domain.
Related
I am building a ticketing system where users can raise a support ticket and agents can reply to the particular ticket and when the agent replied to a particular ticket I will send the reply to respective user email (email service using SendGrid).
My question is when the user replied to the agent email I will fetch that email with SendGrid inbound parser but I am stuck that how to uniquely identify for which ticket user has replied. I have two ideas attaching JWT in the header or unique email address resemble ticket id (ticket-id-2654654#example.com) but I don't what will work
You could send a custom Message-ID Header (RFC 2392) with your E-Mail. Responses to your E-Mail should then contain a References and/or In-Reply-To header containing the Message-ID of the E-Mail that was answered.
Edit: Just tested it with Zendesk and Zammad. They both seem to identify responses in that way.
You mention having a unique email address, not unlike a VERP (Variable Envelope Return Path) address. VERP is most pertinent if it's dealing with bounces, since it refers to the address used for the SMTP MAIL FROM:,
MAIL FROM:<ticket-id-2654654#example.com>
in particular it is helpful to identify which emails bounce - the email likely never arrives in a mailbox at the remote end. Note that the address used during the SMTP conversation like this will be recorded at the top of the received email with a 'Return-Path:' header.
Assuming an email doesn't bounce then how to ensure an email with a recognisable identifier comes back:
MysteriousPerson's custom Message-ID: header suggestion is excellent; also specify a VERP address in a Reply-To: header - so one or both of the identifiers you put there should be found in the reply to decode which ticket/user the original message was sent to. You have the choice of using the same VERP address in the From: header or something more human-friendly, depending on what you want the recipient to see. Since Reply-To: is specified, client software will use that for replies.
The main RFCs on SMTP and message format are likely to be helpful if you're not already aware of them.
Just for knowledge purposes, I want to know if it is possible to know if email spoofing has been done successful or not . Suppose if I am sending an email from one's account, What if receiver doesn't exist? Means will i get any error as a spoofer that receiver doesn't exist and you cant send email . Thanks
There is no way to know for certain, but you can make an educated guess.
First, when sending an email to a non-existent recipient and the recipient's server is configured to report this to the sender (pretty much the default behaviour), this reporting can happen either:
1) During the email transmission. The SMTP conversation with the recipient's server may very well fail at RCPT TO: (i.e. when the recipient is specified) or at the end of the DATA or BDAT commands (i.e. when the email just have been transmitted and the server either acknowledges this or rejects the email). If you receive an 5xx-type response at either stages, or, well, anytime earlier in the conversation, you can be sure the recipient did not get the message. Validation during email transmission is common.
2) After the email transmission. Servers that don't do recipient validation on SMTP level will often accept and queue emails during the transmission, then generate a bounce report (also called a Delivery Status Notification/DSN or Non-Delivery Report/NDR) later and attempt to return it to the original message sender. As you have no access to the mailbox of the original message sender when spoofing, you will have no idea if such bounce report is generated. This method of validation is still fairly common.
Second, you can embed a tracking image in your HTML email to see if the email was opened. This works by placing a HTML <IMG> element in the email that points to e.g. http://example.org/tracking-1x1.gif?uuid=<id>. The idea is that you track whether that image was downloaded. Be aware that virtually all modern email clients will disable downloading images from unknown sources and some action is required from the recipient to enable downloading images.
Third, you can spoof the MIME sender only. Emails have two distinct set of addressee information: the envelope addressees and the MIME addressees. Emails are delivered based on what's written on the envelope, but email clients render the MIME information instead (what's inside the envelope). In other words, during the SMTP transmission you may specify a different sender address (MAIL FROM: command) from that in the email (From: header). The fun part is that bounce reports are sent to the envelope sender address, a.k.a. the Return-Path, so if you have access to the envelope sender mailbox, you can receive a bounce report no matter what stage it was rejected. Note that you will reveal yourself, either through the mail server logs or through the email header, where the Return-Path header will contain the envelope sender address.
Please use the above information for "knowledge purposes" only. Be aware that email spoofing is likely a crime in just about any country.
I use qmail, and i send a mail with Thunderbird or Outlook. I can handle to, from, body, cc informations with qmail. But i cannot handle bcc. Because people say "qmail stripts out bcc." Some other people says "it is not job of qmail ( mta) , problem is from thunderbird (mua), it strips out bcc ". I don't know which is true.
So, How can i handle bcc information with qmail , Can you explain ?
Thanks.
You have to distinguish between receivers in header and in smtp-envelope. What you use as "To", "Cc" end up as header fields in your mail and are also used as envelope receipients in SMTP. The header fields are merely informational and are not used for message delivery. For "Bcc", your MUA (e.g. Thunderbird) does not include a header field in the mail, but only uses a corresponding envelope-receipient when handing over the message to the mail server. Adding Bcc information to the mail itself actually would defeat its purpose. Therefore, no information about this receiver is contained in the message itself. So qmail does not "strip out bcc" from the mail, since was never there, but it will be able to deliver the mail anyway.
We have an application that allows users exchange messages, and delivers the message through email. But we don't reveal sender's email, instead; every time a message is sent out a new email address gets generated for the "From" field. Something similar to the way Facebook or LinkedIn send out messages.
Everything works fine, except the recipient's email client caches all these email addresses.
For instance, if Jack sends two messages to Jill, the sender's addresses can be: a123#FakeEmail.com and a456#FakeEmail.com, so next time Jill composes a new message and starts typing Jack's name, the email client suggests two addresses for Jack.
So my question is, how we can prevent email caching on client's machine? Is there something similar to HTTP header Pragma: no-cache for SMTP?
Thanks
Nivresh
OK, here is what I ended up doing. To prevent Outlook and other mail clients from suggesting several dummy email addresses generated for the same contact name, I add a special character to the beginning of the sender's name. This can be a space or if you use Unicode, you can add a zero-width space (\u200B) to the beginning of the name.
So in my example, the email is sent from "\u200BJack" which will be shown as "Jack". The dummy email address will be saved in mail client under the name of "\u200BJack" and when the recipient later on tries to send an email to Jack, email client won't suggest this address.
Hope this helps someone.
I'm using PHPMailer to send mails to a clients database when certain events triggers. Obviously I don't want everyone to get the full list of client's emails, so i'm sending those in BCC using PHPMailer. It's working fine, but there is one problem.
The customer that receive the email got nothing in the field of the targeted email. Just blank. Shouldn't he be able to see his own address and own name I'm sending ? It's helpfull for people who are redirecting emails to know which was targeted.
Same goes with PHP native mail() function.
Is there a way to handle this ?
Thanks ahead !
No, that's not how BCC works.
If you receive an email via BCC, your mail client will show you the original recipient's address in the 'to' field, not yours.
This applies to all BCC mails; it has nothing to do with phpMailer.
If you want the recipients to see something in the 'to' field, you need to populate it with a dummy value -- for example, 'donotreply#yourdomain.com'.
It is good to send messages like this via BCC, so you're doing the right thing. But if you really want the end user to see his own email address in the 'to' field, then the only way to do it is to send the message to each user as a separate email, so you use the 'to' field and not 'bcc'. However, this will dramatically increase the load on your mail systems, so it's probably not the answer.
That's the nature of email. When a person is BCC'd, they will only see the To:, From: and CC: fields. The BCC field will hide every single email address, even the recipient's.
From wiki:
There are three ways in which the "BCC:" field is used.
In the first case, when a message containing a "BCC:" field is prepared to be sent, the "BCC:" line is removed even though all of the recipients (including those specified in the "BCC:" field) are sent a copy of the message.
In the second case, recipients specified in the "To:" and "CC:" lines each are sent a copy of the message with the "BCC:" line removed as above, but the recipients on the "BCC:" line get a separate copy of the message containing a "BCC:" line. (When there are multiple recipient addresses in the "BCC:" field, some implementations actually send a separate copy of the message to each recipient with a "BCC:" containing only the address of that particular recipient.)
Finally, since a "BCC:" field may contain no addresses, a "BCC:" field can be sent without any addresses indicating to the recipients that blind copies were sent to someone.