Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

OE Email Header Value for: X-POP-User: exposes Alternate Email Addresses + doesn't match From:

Status
Not open for further replies.
BJZeak

BJZeak

Programmer
May 3, 2008
230
CA
Just noticed a peculiar email header the other day from a client ... Outlook Express 6 running on a XP VM in Win 7 Pro 64 (please don't ask why) has several email accounts set up to use POP3/SMTP services from both a domain based email server provider and the ISP's domain ... OE correctly assigns the Default Account address to From: OR allows the user to select from one of the other assigned accounts ... what is odd, OE appears to be also sending a X-POP-User value in the header ... this value appears to be randomly selected from one of the other assigned Accounts. My expectation is that this value should either match the From address OR at least have a consistent value ... what was totally unexpected is that it presents the downstream recipient with an alternate email address ... in my mind I maintain alternate email addresses for good reason ... the last thing I would expect is OE to just start broadcasting random alternate addresses.

adr1@ispdomain.com Default
adr2@theirdomain.com
adr3@theirdomain.com
adr4@theirdomain.com

There doesn't appear to be any settings in OE that might relate to how this value X-POP-User value should be used ... OE doesn't have a login to identify a User ... so what is this header value? ... should I be concerned with this mismatch other then from my point that it exposes addresses that I might want to be kept private? ... Perhaps this may finally present a way to convince the user to let go of OE?

Header1 (X-POP-User not

X-Symantec-TimeoutProtection: 0
Envelope-to: me@mydomain.com
X-POP-User: ard2@theirdomain.com
X-VIP: 123.123.123.123
From: "Them" <adr1@ispdomain.com>
To: "Me" <me@mydomain.com>
Subject: testing

Header2 (new email, same metrics, X-POP-User doesn't match previous Example)

X-Symantec-TimeoutProtection: 0
Envelope-to: me@mydomain.com
X-POP-User: ard4@theirdomain.com
X-VIP: 123.123.123.123
From: "Them" <adr1@ispdomain.com>
To: "Me" <me@mydomain.com>
Subject: testing

Header3 (from a different account)

X-Symantec-TimeoutProtection: 0
Envelope-to: me@mydomain.com
X-POP-User: ard1@ispdomain.com
X-VIP: 123.123.123.123
From: "Them" <adr2@theirdomain.com>
To: "Me" <me@mydomain.com>
Subject: testing
 
Sort by date Sort by votes
You will probably find that it is the mailbox that the user currently has "active" and is displaying messages from.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dik
  • Locked
  • Question
Deleting Graphics from eMail Signature 1
Replies
4
Views
223
dik
dik
dik
  • Locked
  • Question
Expanding eMail Messages in Thunderbird 1
Replies
2
Views
228
dik
dik
Abubakkar Siddik
  • Locked
  • Question
Migrating users from Mail Enable to Office 365
Replies
0
Views
163
Abubakkar Siddik
Abubakkar Siddik
bdeal4122
  • Locked
  • Question
Vanishing emails
Replies
4
Views
216
sbcglobaltech
sbcglobaltech
IcarusHallsorts
  • Locked
  • Question
Delaying a batch of emails in Outlook Drafts folder.
Replies
2
Views
291
IcarusHallsorts
IcarusHallsorts

Part and Inventory Search

Sponsor

Back
Top