
Get original e-mail sender server in Python


With many e-mail services, you can get tricked into believing an e-mail has been sent from a different address.

Using smtplib in Python, you can easily do the trick by manipulating the From argument.

Gmail is not prone to that as they print the via argument which shows the original server.

However, what I cannot find anywhere is how you retrieve the original (not manipulated) server name in Python, the same as Gmail does with their via functionality.

I've tried the imaplib and email libraries, but there I can only access the already manipulated sender.

Any ideas? Is that solely linked to the configuration of a particular provider (e.g. Google, Outlook, Hotmail, etc.), or can something be done regardless of that?

Here is part of the code I'm currently using (no success):

import imaplib
import email

obj = imaplib.IMAP4('imap', portn)
obj.login('username', 'password')

obj.select('INBOX')

uidl_list = [68720]

resp, data = obj.uid('FETCH', ','.join(map(str, uidl_list)) , '(BODY.PEEK[HEADER.FIELDS (From Subject)] RFC822.SIZE)')

Solution

  • Never heard about the via field. It is related to this particular provider.

    You may check the Received headers of the mail to know what SMTP servers the message went through. Assuming those are not fake and were not modified along the way (i.e. assuming you trust the servers), they should point you to the SMTP server the user connected to to send the message.

    Example:

    Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2617:f8c0:4864:20::331])
     by smtp.domain.tld (Postfix) with ESMTPS id 6C488D0F8
     for <user@domain.tld>; Mon, 19 Nov 2018 21:13:54 +0100 (CET)
    Received: by mail-ot1-x333.google.com with SMTP id w25so38121669otm.11
            for <user@domain.tld>; Mon, 19 Nov 2018 12:13:54 -0800 (PST)
    

    A user connected to mail-ot1-x333.google.com, posted a message for user@domain.tld. The SMTP server added the Received header that appears at the bottom. Then, it sent the message to domain.tld, and Postfix server at domain.tld added the header that appears on top.

    From RFC 5321, the Received headers are always added on top.

    An Internet mail program MUST NOT change or delete a Received: line
    that was previously added to the message header section.  SMTP
    servers MUST prepend Received lines to messages; they MUST NOT change
    the order of existing lines or insert Received lines in any other
    location.
    

    The last one should always be the one indicating the SMTP server the user connected to.

    Note that there are good reasons to have a From domain that does not match the SMTP server used for sending the message:

    • ISP forces users to use their own SMTP server
    • Using several email accounts with a mail client that only offers a single SMTP configuration
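
The approach described in the answer, as an added example that is not part of the original question or answer: it parses the Received chain with the standard email module, reads the bottom header, and also finds the last hop written by a server you trust. The function names, the trusted-server set and the From/Subject lines in the sample are assumptions made for illustration; the Received headers are the ones quoted above.

```python
import email
import re

# Constructed sample: the two Received headers quoted in the answer, plus From/Subject.
# Over IMAP, the same bytes come from fetching
# '(BODY.PEEK[HEADER.FIELDS (Received From Subject)])' instead of only From/Subject.
SAMPLE = b"""Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2617:f8c0:4864:20::331])
 by smtp.domain.tld (Postfix) with ESMTPS id 6C488D0F8
 for <user@domain.tld>; Mon, 19 Nov 2018 21:13:54 +0100 (CET)
Received: by mail-ot1-x333.google.com with SMTP id w25so38121669otm.11
        for <user@domain.tld>; Mon, 19 Nov 2018 12:13:54 -0800 (PST)
From: someone@example.com
Subject: constructed test message

"""

FROM_RE = re.compile(r"^from\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)
BY_RE = re.compile(r"(?:^|\s)by\s+(\S+)", re.I)

def received_hops(raw_headers):
    """Return one dict per Received header, newest (top) first."""
    msg = email.message_from_bytes(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())          # unfold continuation lines
        f, b = FROM_RE.search(line), BY_RE.search(line)
        hops.append({
            "from": f.group(1) if f else None,  # name the client announced (unverified)
            "peer": f.group(2) if f else None,  # what the receiver observed (format varies by MTA)
            "by": b.group(1) if b else None,    # server that wrote this header
        })
    return hops

def submission_server(hops):
    """Bottom header: the server the sender connected to, if the chain is honest."""
    return hops[-1]["by"] if hops else None

def trusted_handoff(hops, trusted_servers):
    """Walk down from the top while the header was written by a server we trust;
    return the last hop inside that boundary. Headers below it can be forged."""
    boundary = None
    for hop in hops:
        if hop["by"] not in trusted_servers:
            break
        boundary = hop
    return boundary

if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    print(submission_server(hops))
    print(trusted_handoff(hops, {"smtp.domain.tld"}))
```

The "peer" value of the boundary hop is what your own server saw on the connection, so it is the part of the chain that does not depend on trusting anyone upstream.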