How was this spam delivered to me?

Hello, I got a spammer message in my junk folder today. While, spam it’self is not unusual, I’m not sure how it was delivered.

Here are the fields:

Subject: Great Gift, Ref Number: E1494s
From :
To :

**** The “To:” email address was changed by me because it is actually someone I know. (This email appears to be addressed to my friend and not me.)

**** The “To:” email in all of my other emails contain my actual email address. (Which is what
I would expect.)

So, my question is: If the “To:” field contains my friends address (and not mine) how did I get it?

My apologies if there is a simple explanation for this. I’m not too high on the knowledge tree when it comes to this subject.

Thanks for any replies

Just some additional info. Here’s the complete header.
I stripped the original email addresses. My friends email address is replaced with “friends_email_addy”. And my email address is replaced with “my_email_addy”

Received: from 1EED238 ([])
by (Sun Java System Messaging Server 6.2-6.01 (built Apr
3 2006)) with SMTP id for; Wed, 03 Oct 2007 08:38:06 -0500 (CDT)
Received: from ([])
(Sun ONE Messaging Server 6.0 Patch 1 (built Jan 28 2004))
with SMTP5 id for; Wed, 03 Oct 2007 20:37:59 +0600
Date: Wed, 03 Oct 2007 13:36:59 -0100
From: “Kaye French”
Subject: Great Gift, Ref Number: E1494s
X-Originating-IP: []

Again, I don’t know how to interpret email headers. All I know is that in Outlooks email window, the “TO:” field contains my friends email address and not mine. I was just wondering how I got it.

I don’t know how to interpret headers either (haven’t even tried), but there can be two other fields, the CC (Carbon Copy) and BCC (Blind Carbon Copy). The addresses in both also receive the message, the difference being that the ones in CC are shown when reading the message but the ones in BCC aren’t (but I guess they are in the header at some point). So maybe you were in the BCC, that’s unusual in spam but who knows, anyway I’d bet the spammer got your address from your friend.

In the back of my mind, that’s what I was afraid of. They just got a computer and don’t know the first thing about them. So, of course, the usual conversation takes place.

Me: The first thing you need to do is install security software.
Her: Huh? What’s that? Why do I need that? Where do I get it?
Me: Don’t worry, I’ll be over first thing in the morning and we’ll take care of it. But don’t connect to the internet until I get there.
Her: Well I’m already on the internet looking for web sites where I can get free music.

At this point, I could just see myself at her house the next day trying to remove all kinds of nasties. So, I didn’t even want to bother at that point. My biggest mistake was giving her my good email address. Another lesson learned I guess

Thanks for your reply

Here’s an interesting read on message headers:

I’ve always understood that the final address is the source, but that’s probably an over-generalization. If your friend has no security or knowledge of such and was searching for “free music” it’s always possible that her machine has become a bot; it doesn’t take long, unfortunately.


AFAIK if you send a mail with BCC entries, the first SMTP server who sees that message generates truly individual mails. So it is guaranteed that no one sees BCC recipients because when you receive the message it is a standard message to you.