Product » Xeams » Knowledge Base
|Subject:||Difference between envelope and header from|
|Creation date:||8/17/17 2:39 PM|
|Last modified on:||8/15/18 10:54 AM|
Envelope vs Header FROM
The sender's email address is specified twice when email messages are delivered from a sender to recipient.
This article explains the difference between these two addresses in non-technical terms.
As described in another article that talks about SMTP Relay
, the design of our modern
email system is based upon snail mail. Therefore, in order to understand how email works, we are going to analyze
how snail mail works.
There are two parts of any package you receive from your regular postal mail: An envelope and a letter inside that envelope.
Part 1 - The Envelope
It contains the following information:
- Sender's name and address - tag 1 in the image. If a package cannot be delivered, the post office will use this address to return it back to the sender.
- Recipients name and address - tag 2 in the image
- A stamp by the post office containing the time and the name of the town - tag 3 in the image
This letter appears to have been sent by James Baker
who works for XYZ, Inc.
- It is very easy to forge the sender's name and company name
- The post office will deliver the message without opening the envelope
- The post office will stamp the letter on the upper right hand corner with current date and the location where it came from
- If the letter goes through multiple post offices, all of them have the option of stamping the envelope
Part 2 - Actual Letter
This contains the following information:
- A header towards the top - tag 1 in the image
- This header contain sender's information (tag 2) and possibly a date when the letter was composed. (tag 3)
- Actual body, which appears at the bottom
- Notice the name of the sender on the actual letter is Jack Smith, which is different than what was specified on the envelope
- If Mary did not look at the envelope, she would have thought the letter was sent by Jack Smith who also works for ABC, Inc., the same company
that Mary works for
- The sender could have easily put an invalid date as well as their contact information in attempt to make her believe Jack Smith is the sender
- If Mary is not careful and does not detect any fraud, she may take action that should would not have taken otherwise.
Similarities with Email
Since email systems are designed based on snail mail, it also contains an Envelope and Letter. There are a few differences, which are mentioned below. This
communication is based on RFC 5321
Part 1 - The Envelope
Envelope is the communication between and SMTP Client and Server. See a sample envelope on the right side.
Messages sent by client are indicated by
C: and server's responses are indicated by
Following is true with an email envelope.
- The client and server first greet each other with a HELO command.
- Client sends a
MAIL FROM command representing the sender's email address. This value is also used to
send a non-delivery report (NDR) when message cannot be delivered.
- The server response with a
250 OK if this sender is acceptable.
- Next, the client sends one or more recipient's email address using the
RCPT TO command.
- Again, the server responds with a
250 OK, provided the recipient is acceptable. If the server returns a rejection
code, the sender will generate an NDR. In this case, the actual message will never get sent to the receiving SMTP server.
- It is very easy to specify a fake/forged address in the
MAIL FROM command
- The receiving server has the ability to check a few things, such as sender's IP address, MX record and FQDN before accepting any email.
S: 220 foo.com Service Ready
C: HELO bar.com
S: 250 OK
C: MAIL FROM:<email@example.com>
S: 250 OK
C: RCPT TO:<firstname.lastname@example.org>
S: 250 OK
S: 354 Start mail input;
C: Actual email is sent here
S: 250 OK
Part 2 - Actual Email
When users receive the email, they do not see the envelope. Email clients only display the "Letter". This message must conform to rules specified in
- An email is divided into at least two parts: Header and Body
- Header is used to contain some meta data about the message, such as Sender's name and email, date it was composed, subject and others.
- The sender's email address and name is specified in the
FROM header and its value looks like
Jack Smith <email@example.com>.
- The sender's email address can be different from the envelope's
- Since an email client will only display the FROM header (RFC5322.FROM), the user will never know what was the value for the RFC5321.MAILFROM in the envelope.
When are these values used
The following table summarizes the two different values for the sender.
Envelope From (RFC5321.MAIL FROM)
- Used by the SMTP server to generate NDR
- Used by SPF filter to determine if it came from the designated IP address.
Header From (RFC5322.FROM)
- Used by the email client to display information in the From field.
- Used by DMARC filter to confirm if the message is authentic
Challenges faced by email recipients
- Email addresses specified in the envelope MAIL FROM as well as Email header can be forged, which is depicted from the example
above: the sender in MAIL FROM is
firstname.lastname@example.org but in the Email Header, the same value is set to
email@example.com. To prevent such forgeries,
email recipient's email server could use technologies like SPF and DMARC.
Note that the information presented in the envelope never
reaches the user's email client such as MS Outlook/Thunderbird. Therefore, a forged email must be blocked by spam filters before the message
reaches user's Inbox.
- No standard technology exist, as of now, to check if the user name in the message header is forged. As a result, spammers use several tricks to
make the recipients believe message came from a trusted source.
Check CEO forgery as an example.
Posted by Saad Khan on 9/17/20 12:28 AM
Posted by Wrigley on 9/8/20 6:01 PM
Fantastic, clear summary. Bravo to the author!
Posted by Ru on 7/31/20 3:48 AM
The sender's email address and name is specified in the FROM header and its value looks like Mary Jane <firstname.lastname@example.org>.
Shouldn't the from address be from "Jack Smith" here?
Posted by John Lee on 11/18/19 6:04 PM
This is the most concise description of Email Envelope and Email Header I could ever find on the Internet. Thank you very much!
Posted by uros on 9/23/20 5:39 AM
Great example, very concisely explained. I loved the "Important points" part and find them short and easy to remember. Thank you!
Add a comment to this document
Do you have a helpful tip related to this document that you'd like to share
with other users? Please add it below. Your name and tip will appear at the
end of the document text.