Vojkan Cvijanovic

Reputation: 315

Email header with multiple received fields: How can this happen and can this be used to fight SPAM

I often receive phishing/SPAM emails with multiple Received fields.

First, I'd like to understand how one email header can have more than one received field.

Second, I'd like to know if I can use this to fight SPAM.

Here is an example:


    Return-Path: 
    X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on myhosting.com
    X-Spam-Level: 
    X-Spam-Status: No, score=0.0 required=3.5 tests=HTML_MESSAGE autolearn=ham
        version=3.3.2
    X-Spam-ASN: 
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: from posta.abak.si (posta.abak.si [84.255.212.92])
        by myhosting.com (Postfix) with ESMTPS id 522CA80DC8
        for ; Wed, 8 May 2019 14:31:59 +0200 (CEST)
    Authentication-Results: myhosting.com;
        dmarc=none (p=NONE sp=NONE) smtp.from=mk.kema-on.net header.from=mk.kema-on.net;
        spf=none (sender IP is 84.255.212.92) [email protected] smtp.helo=posta.abak.si
    Received-SPF: none (myhosting.com: no valid SPF record)
    Received: from localhost (localhost [127.0.0.1])
        by posta.abak.si (Postfix) with ESMTP id 2C09E1E6A7D7
        for ; Wed, 8 May 2019 14:35:06 +0200 (CEST)
    Received: from posta.abak.si ([127.0.0.1])
        by localhost (posta.abak.si [127.0.0.1]) (amavisd-new, port 10032)
        with ESMTP id dw1MvahvfmXL for ;
        Wed, 8 May 2019 14:35:05 +0200 (CEST)
    Received: from localhost (localhost [127.0.0.1])
        by posta.abak.si (Postfix) with ESMTP id EB2B21E6A3C6
        for ; Wed, 8 May 2019 14:30:12 +0200 (CEST)
    X-Virus-Scanned: amavisd-new at posta.abak.si
    Received: from posta.abak.si ([127.0.0.1])
        by localhost (posta.abak.si [127.0.0.1]) (amavisd-new, port 10026)
        with ESMTP id luUYSdWOdHLE for ;
        Wed, 8 May 2019 14:30:12 +0200 (CEST)
    Received: from IP-129-13.dataclub.eu (unknown [84.38.129.13])
        by posta.abak.si (Postfix) with ESMTPA id B18CD1E6A7A6
        for ; Wed, 8 May 2019 14:25:39 +0200 (CEST)
    Content-Type: multipart/alternative; boundary="===============0253676305=="
    MIME-Version: 1.0
    Subject: Warning: you have (3) Undelivered messesges
    To: [email protected]
    From: "Webmaster" 
    Date: Wed, 08 May 2019 15:25:37 +0300
    Message-Id: 
    Message Body

Upvotes: 4

Views: 5715

Answers (1)

echawkes

Reputation: 477

Every mail server that processes an email adds its own Received field to the header. It is normal for emails to pass through several email servers when traveling across the internet from the sender's computer to the final destination.

https://www.rfc-editor.org/rfc/rfc5321#section-4.4

> When an SMTP server receives a message for delivery or further
> processing, it MUST insert trace ("time stamp" or "Received")
> information at the beginning of the message content,

Looking at the first Received field,

    Received: from IP-129-13.dataclub.eu (unknown [84.38.129.13])
        by posta.abak.si (Postfix) with ESMTPA id B18CD1E6A7A6
        for ; Wed, 8 May 2019 14:25:39 +0200 (CEST)

you will notice that it says which server it received the mail from (the "FROM" clause), and which server received it (the "BY" clause).

As you read through the list of Received fields in the header you posted, you will notice that they are all linked in this fashion.

Upvotes: 5
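The linking described in the answer can be checked mechanically. The following is an added example, not code from the question or the answer: it reads the Received fields bottom-up (oldest hop first) and tests that each hop's "by" host is the next hop's "from" host; the function names `hops` and `is_linked` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: four of the six Received fields from the question's
# header, copied as posted (the "for" addresses were already redacted there).
RAW = """\
Received: from posta.abak.si (posta.abak.si [84.255.212.92])
    by myhosting.com (Postfix) with ESMTPS id 522CA80DC8
    for ; Wed, 8 May 2019 14:31:59 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
    by posta.abak.si (Postfix) with ESMTP id EB2B21E6A3C6
    for ; Wed, 8 May 2019 14:30:12 +0200 (CEST)
Received: from posta.abak.si ([127.0.0.1])
    by localhost (posta.abak.si [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id luUYSdWOdHLE for ;
    Wed, 8 May 2019 14:30:12 +0200 (CEST)
Received: from IP-129-13.dataclub.eu (unknown [84.38.129.13])
    by posta.abak.si (Postfix) with ESMTPA id B18CD1E6A7A6
    for ; Wed, 8 May 2019 14:25:39 +0200 (CEST)
Subject: Warning: you have (3) Undelivered messesges

Message Body
"""

def hops(raw):
    """Return the Received fields as dicts, oldest hop first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        clauses, _, stamp = flat.rpartition(";")  # date-time follows the last ';'
        frm = re.search(r"\bfrom (\S+)", clauses)
        by = re.search(r"\bby (\S+)", clauses)
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", clauses)  # first bracketed address
        out.append({"from": frm and frm.group(1), "by": by and by.group(1),
                    "ip": ip and ip.group(1), "time": parsedate_to_datetime(stamp.strip())})
    return out[::-1]  # each server prepends, so the bottom field is the first hop

def is_linked(chain):
    """True when each hop's 'by' host is the next hop's 'from' host."""
    return all(a["by"] == b["from"] for a, b in zip(chain, chain[1:]))

if __name__ == "__main__":
    for h in hops(RAW):
        print(h["time"].isoformat(), h["from"], f"[{h['ip']}]", "->", h["by"])
    print("linked:", is_linked(hops(RAW)))
```

Only the Received fields written by servers you control are trustworthy; everything below them is supplied by the sending side and can be fabricated, so a consistent chain does not by itself show that a message is legitimate.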
