I was wondering if it is possible for a malicious entity to add a received field in an email header pretending a stmp server received/processed an email even if that was not the case?
Thank you in advance for the help
Asked
Active
Viewed 18 times
0
-
1Iām voting to close this question because it is not about programming, and is also rather unclear. ā IMSoP Aug 22 '20 at 15:28
-
Yes, it is possible. Every gateway handling the email can (and often will) add various headers. While the RFCs say the gateways must not modify existing headers and only add new headers at the top, you cannot really rely on everybody playing by the rules. Especially not attackers. See also https://stackoverflow.com/questions/63400273/does-order-in-email-headers-indicate-which-mta-inserted-each/63403818#63403818 and [the evil bit](https://www.ietf.org/rfc/rfc3514.txt). ā Robert Aug 24 '20 at 21:22