Recentemente ho ricevuto degli strani messaggi e-mail. L'e-mail ha diversi campi From
e Reply-To
. Ha anche To
impostato su Undisclosed recipients
ma non è cruciale.
All'inizio pensavo fosse falso, ma poi ho letto questo post che indica che il campo Received
non può essere falsificato. Sembra che sia stato ricevuto correttamente nel caso dell'e-mail di cui sto parlando:
Received: (wp-smtpd mx.tlen.pl 14490 invoked from network); 2 Oct 2018 07:19:36 +0200
Received: from mx.beniculturali.it ([194.242.241.200])
(envelope-sender <[email protected]>)
by mx.tlen.pl (WP-SMTPD) with ECDHE-RSA-AES256-GCM-SHA384 encrypted SMTP
for <[email protected]>; 2 Oct 2018 07:19:36 +0200
Received: from sea2.mail.beniculturali.it (localhost.localdomain [127.0.0.1])
by localhost (Email Security Appliance) with SMTP id 15EE31ECEEA_BB2FFE8B;
Tue, 2 Oct 2018 05:19:36 +0000 (GMT)
Received: from MB2.mail.beniculturali.it (mb2.mail.beniculturali.it [192.168.123.122])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
(Client CN "email.beniculturali.it", Issuer "Actalis Authentication CA G3" (not verified))
by sea2.mail.beniculturali.it (Sophos Email Appliance) with ESMTPS id 1C9BD1E9E28_BB2FFE7F;
Tue, 2 Oct 2018 05:19:35 +0000 (GMT)
Received: from MB2.mail.beniculturali.it (192.168.123.122) by
MB2.mail.beniculturali.it (192.168.123.122) with Microsoft SMTP Server (TLS)
id 15.0.1395.4; Tue, 2 Oct 2018 07:19:30 +0200
Received: from ca4.mail.beniculturali.it (192.168.123.144) by
MB2.mail.beniculturali.it (192.168.123.122) with Microsoft SMTP Server (TLS)
id 15.0.1395.4 via Frontend Transport; Tue, 2 Oct 2018 07:19:29 +0200
Received: from MDC.mail.beniculturali.it ([192.168.123.171]) by
ca4.mail.beniculturali.it ([192.168.123.144]) with mapi; Tue, 2 Oct 2018
07:19:29 +0200
È possibile spoofare il campo Received
in qualche modo, magari usando tecniche avanzate?