Test Altospam’s solutions!
Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …
To explain the difference between MailFrom and From, and between RcptTo and To, a quick reminder of how an e-mail is structured is required. An e-mail is made up of 2 distinct parts:
– The first is the envelope containing the MailFrom and the RcptTo(s). These are the elements needed to establish SMTP communication,
– The second part of an e-mail consists of the data that will be displayed in the messaging software, including the From and To fields.
You’ll find a more detailed explanation in this article: How mail works.
MailFrom is an essential step in the mail transaction: it is the actual sender of the e-mail. If there is no MailFrom, the transaction stops at this step and no mail is sent. MailFrom is also called Sender-Address or envelope address.
As for the From, it is contained in the e-mail data and it is optional. It corresponds to the sender's e-mail address and name as displayed by the recipient's e-mail client.
In the vast majority of mailings, the MailFrom and the From will be identical.
But as soon as you use a mailing service (newsletter or advertising), an application or even certain website contact-form modules, they're bound to be different.
This is the method used by spammers when they want to hide the sender's real address by spoofing an address in the From. The best-known and most widely used example is the President or FOVI scam.
For information, the analysis carried out for the SPF verification is always based on the MailFrom domain, never on the From domain. The MailFrom also refers to the bounce address.
Like MailFrom, RcptTo is mandatory when establishing the SMTP connection: if it is not present, no mail can be sent. The outgoing mail server sets up an SMTP communication, via RcptTo, with the recipient domain's mail server. That server analyzes the address sent and, if it is not in its list of known addresses, interrupts the communication with a 5XX error code and the e-mail is not sent.
The To, like the From, is optional. It corresponds to the recipient's e-mail address and name as displayed to the recipient. In the majority of cases, RcptTo and To will be identical, but RcptTo can be a mailing list: in this case To will be your e-mail address, not the mailing list address.
The RcptTo lists all the recipients of the e-mail, whether they are in the To, the Cc (Carbon Copy) or the Bcc/Cci (Blind Carbon Copy/Copie Carbone Invisible). The distinction is only made when the mail server processes the mail data. An e-mail is then sent to each of the recipient servers according to the domain names of the recipients.
To illustrate this, let's take the following example: the actual sender (an emailing company) "expediteur@mailfrom.com" sends an e-mail to various recipients "dest1@to.com", "dest2@cc.com" and "dest3@bcc.com" on behalf of its customer from.com. The From will then be "expediteur@from.com". The mailfrom.com mail server will send an e-mail to each recipient mail server: to.com, cc.com and bcc.com. But the To and Cc information in the e-mail will be the same for all recipients. The Bcc will not appear, but the e-mail will be sent to this recipient.
SMTP communications to recipients will be as follows:

Session for dest1@to.com:

    ehlo mailfrom.com
    250-srv.to.com
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-STARTTLS
    250 HELP
    mail from: expediteur@mailfrom.com
    250 “MAIL FROM OK.”
    rcpt to: dest1@to.com
    250 “RCPT TO OK.”
    data
    354 Enter message, ending with “.” on a line by itself
    from: expediteur@from.com
    to: dest1@to.com
    cc: dest2@cc.com
    bcc: dest3@bcc.com
    Subject: Send mail
    This is the text of the mail.
    .
    250 OK

Session for dest2@cc.com:

    ehlo mailfrom.com
    250-srv.to.com
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-STARTTLS
    250 HELP
    mail from: expediteur@mailfrom.com
    250 “MAIL FROM OK.”
    rcpt to: dest2@cc.com
    250 “RCPT TO OK.”
    data
    354 Enter message, ending with “.” on a line by itself
    from: expediteur@from.com
    to: dest1@to.com
    cc: dest2@cc.com
    bcc: dest3@bcc.com
    Subject: Send mail
    This is the text of the mail.
    .
    250 OK

Session for dest3@bcc.com:

    ehlo mailfrom.com
    250-srv.to.com
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-STARTTLS
    250 HELP
    mail from: expediteur@mailfrom.com
    250 “MAIL FROM OK.”
    rcpt to: dest3@bcc.com
    250 “RCPT TO OK.”
    data
    354 Enter message, ending with “.” on a line by itself
    from: expediteur@from.com
    to: dest1@to.com
    cc: dest2@cc.com
    bcc: dest3@bcc.com
    Subject: Send mail
    This is the text of the mail.
    .
    250 OK
The 3 recipients will see this e-mail displayed in their e-mail software:
As you can see, the recipient “dest3@bcc.com” is not displayed, as it is a hidden copy of the e-mail.
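The split described above between envelope recipients and displayed headers can be reproduced with Python's standard email package. This is an added example, not code from the article or from Altospam; the function names build_envelope, client_commands and sample_message are hypothetical, and the message is constructed from the article's example addresses.

```python
import copy
from email.message import EmailMessage
from email.utils import getaddresses


def build_envelope(msg):
    """Return ({recipient_domain: [rcpt_to, ...]}, copy of msg without Bcc)."""
    fields = []
    for header in ("To", "Cc", "Bcc"):
        # RcptTo covers every recipient, whichever header named it.
        fields += [str(value) for value in msg.get_all(header, [])]
    by_domain = {}
    for _name, addr in getaddresses(fields):
        if "@" in addr:
            domain = addr.rsplit("@", 1)[1].lower()
            rcpts = by_domain.setdefault(domain, [])
            if addr not in rcpts:
                rcpts.append(addr)
    wire = copy.deepcopy(msg)
    del wire["Bcc"]  # hidden recipients stay in the envelope only
    return by_domain, wire


def client_commands(mail_from, rcpts):
    """Envelope commands the sending server issues in one SMTP session."""
    return [f"MAIL FROM:<{mail_from}>"] + [f"RCPT TO:<{r}>" for r in rcpts] + ["DATA"]


def sample_message():
    # Constructed message reusing the addresses from the article's example.
    msg = EmailMessage()
    msg["From"] = "expediteur@from.com"
    msg["To"] = "dest1@to.com"
    msg["Cc"] = "dest2@cc.com"
    msg["Bcc"] = "dest3@bcc.com"
    msg["Subject"] = "Send mail"
    msg.set_content("This is the text of the mail.")
    return msg


if __name__ == "__main__":
    envelope, wire = build_envelope(sample_message())
    for domain, rcpts in envelope.items():
        print(f"--- session with the mail server for {domain}")
        print("\n".join(client_commands("expediteur@mailfrom.com", rcpts)))
    print("--- headers transmitted in every session")
    print("\n".join(f"{key}: {value}" for key, value in wire.items()))
```

The standard library's smtplib.SMTP.send_message performs the same derivation when no recipient list is passed: it collects To, Cc and Bcc for the envelope and does not transmit the Bcc header.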
Spammers also use this method. Often, the To doesn't correspond to your address, or doesn't even exist, but the mail is relayed to your mailbox because your address is in the RCPT TO of the SMTP transaction.
Mails are sent according to the MailFrom and RcptTo. The From and To are only optional elements displayed in your messaging software, so you often need to pay special attention to them.
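On the receiving side, the two mismatches discussed in this article (From versus MailFrom, and To versus RcptTo) can be checked on a delivered message. The sketch below is an added example, not Altospam's filtering logic; it assumes the final server recorded the MailFrom in the Return-Path header and that the envelope recipient is known from the server's log. The function names, finding codes and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def domain_of(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def envelope_header_findings(raw, rcpt_to):
    """Compare envelope values with the headers a mail client displays.

    raw:     delivered message; the final server recorded the MailFrom in
             its Return-Path header.
    rcpt_to: envelope recipient the copy was delivered for (assumed to be
             taken from the receiving server's log).
    """
    msg = message_from_string(raw)
    mail_from = parseaddr(msg.get("Return-Path", ""))[1]
    header_from = parseaddr(msg.get("From", ""))[1]
    visible = msg.get_all("To", []) + msg.get_all("Cc", [])
    shown = {addr.lower() for _name, addr in getaddresses(visible)}

    findings = []
    if not header_from:
        findings.append("FROM_MISSING")
    elif domain_of(header_from) != domain_of(mail_from):
        # SPF was evaluated for the MailFrom domain, not the displayed one.
        findings.append("FROM_DOMAIN_DIFFERS_FROM_MAILFROM")
    if rcpt_to.lower() not in shown:
        # Delivered through RCPT TO although To/Cc never mention the address.
        findings.append("RCPT_NOT_IN_TO_OR_CC")
    return findings


# Constructed samples reusing the article's example addresses.
THIRD_PARTY = (
    "Return-Path: <expediteur@mailfrom.com>\n"
    "From: Customer <expediteur@from.com>\n"
    "To: dest1@to.com\n"
    "Cc: dest2@cc.com\n"
    "Subject: Send mail\n"
    "\n"
    "This is the text of the mail.\n"
)
DIRECT = THIRD_PARTY.replace("expediteur@from.com", "expediteur@mailfrom.com")

if __name__ == "__main__":
    print(envelope_header_findings(THIRD_PARTY, "dest3@bcc.com"))
    print(envelope_header_findings(DIRECT, "dest1@to.com"))
```

Both findings also occur in legitimate mail (mailing services, Bcc recipients), so they are signals for closer inspection rather than a verdict.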
To find out more about the precautions to take when in doubt about an e-mail, we invite you to read this article here.