Is it possible to forge the "Received" field in an email?

Recently I have received some strange emails. The email has different From and Reply-To fields. It also has To set to "Undisclosed recipients", but that isn't important.

At first I thought it was fake, but then I read in a post that the Received field cannot be forged. For the email I'm talking about, the Received headers look legitimate:

Received: (wp-smtpd mx.tlen.pl 14490 invoked from network); 2 Oct 2018 07:19:36 +0200
Received: from mx.beniculturali.it ([194.242.241.200])
          (envelope-sender <[email protected]>)
          by mx.tlen.pl (WP-SMTPD) with ECDHE-RSA-AES256-GCM-SHA384 encrypted SMTP
          for <[email protected]>; 2 Oct 2018 07:19:36 +0200
Received: from sea2.mail.beniculturali.it (localhost.localdomain [127.0.0.1])
    by localhost (Email Security Appliance) with SMTP id 15EE31ECEEA_BB2FFE8B;
    Tue,  2 Oct 2018 05:19:36 +0000 (GMT)
Received: from MB2.mail.beniculturali.it (mb2.mail.beniculturali.it [192.168.123.122])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
    (Client CN "email.beniculturali.it", Issuer "Actalis Authentication CA G3" (not verified))
    by sea2.mail.beniculturali.it (Sophos Email Appliance) with ESMTPS id 1C9BD1E9E28_BB2FFE7F;
    Tue,  2 Oct 2018 05:19:35 +0000 (GMT)
Received: from MB2.mail.beniculturali.it (192.168.123.122) by
 MB2.mail.beniculturali.it (192.168.123.122) with Microsoft SMTP Server (TLS)
 id 15.0.1395.4; Tue, 2 Oct 2018 07:19:30 +0200
Received: from ca4.mail.beniculturali.it (192.168.123.144) by
 MB2.mail.beniculturali.it (192.168.123.122) with Microsoft SMTP Server (TLS)
 id 15.0.1395.4 via Frontend Transport; Tue, 2 Oct 2018 07:19:29 +0200
Received: from MDC.mail.beniculturali.it ([192.168.123.171]) by
 ca4.mail.beniculturali.it ([192.168.123.144]) with mapi; Tue, 2 Oct 2018
 07:19:29 +0200

Is it possible to spoof the Received fields somehow, for example with advanced techniques?

Answer 1

Every time a mail server receives a message, it adds a new Received header at the top of the message and passes all the other headers through unchanged. So the first Received header is always trustworthy (it was added by the server you received the message from). If, based on the first header, you trust the host/IP the message came from, then the second header is trustworthy. If you trust the second header, and based on the second header you trust the source IP of the third header, then the third header is trustworthy. This pattern repeats for every header, each one chained to the trust placed in all the headers above it. Note the word "and": a single break in the chain means none of the lower Received headers can be trusted, whatever host/IP they indicate.
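The top-down trust walk this answer describes, as an added example that is not part of the original post or answer: it parses a constructed, condensed copy of the question's Received chain and marks each header trusted only while the chain above it holds. The own_hosts names and the set of relay IPs you are willing to vouch for are assumptions the caller supplies.

```python
import re

# Constructed sample: four hops condensed from the chain in the question (folding removed,
# ids and cipher names dropped). Index 0 is the line added by the recipient's own MX.
SAMPLE_RECEIVED = [
    "(wp-smtpd mx.tlen.pl 14490 invoked from network); 2 Oct 2018 07:19:36 +0200",
    "from mx.beniculturali.it ([194.242.241.200]) by mx.tlen.pl (WP-SMTPD) with SMTP; "
    "2 Oct 2018 07:19:36 +0200",
    "from sea2.mail.beniculturali.it (localhost.localdomain [127.0.0.1]) by localhost "
    "(Email Security Appliance) with SMTP; Tue, 2 Oct 2018 05:19:36 +0000",
    "from MB2.mail.beniculturali.it (mb2.mail.beniculturali.it [192.168.123.122]) "
    "by sea2.mail.beniculturali.it (Sophos Email Appliance) with ESMTPS; "
    "Tue, 2 Oct 2018 05:19:35 +0000",
]

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(header):
    """Extract what the receiving server wrote itself (peer IP, its own 'by' name);
    the name after 'from' is the peer's HELO claim and is informational only."""
    ip = IPV4_IN_BRACKETS.search(header)
    by = re.search(r"\bby\s+(\S+)", header)
    helo = re.search(r"\bfrom\s+(\S+)", header)
    return {"ip": ip and ip.group(1), "by": by and by.group(1), "helo": helo and helo.group(1)}


def walk_trust(received, own_hosts, trusted_relays):
    """Walk Received headers top-down; return one (trusted, reason) per header.
    own_hosts: names your own servers write after 'by'; only the unbroken run of such
    headers at the top is trusted outright, since anything lower could be forged.
    trusted_relays: peer IPs whose Received lines you believe. A header is trusted only if
    the one above it is trusted AND recorded a trusted peer IP; one break poisons the rest."""
    verdicts, top_run, chain_intact = [], True, True
    for i, header in enumerate(received):
        hop = parse_received(header)
        if top_run and (i == 0 or hop["by"] in own_hosts):
            verdicts.append((True, "written by our own server"))
            continue
        top_run = False
        prev_ip = parse_received(received[i - 1])["ip"]
        if not chain_intact:
            verdicts.append((False, "an earlier hop is untrusted, so this one cannot be"))
        elif prev_ip in trusted_relays:
            verdicts.append((True, f"vouched for by trusted relay {prev_ip}"))
        else:
            chain_intact = False
            verdicts.append((False, f"hop above was received from unvouched peer {prev_ip}"))
    return verdicts
```

With an empty relay set only the two headers written by mx.tlen.pl survive; adding 194.242.241.200 extends trust one hop, and the loopback hop after it needs its own entry.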