Please consider the following email headers from a message that was returned to the original sender. The multipart bounce message also contains the transcript (clear text + HTML) of the correspondence between the original sender and the intended recipient, which I stripped.
The question is: how did this message end up at gmail?
For a long time I thought I was quite familiar with (E)SMTP, it seems it's not the case anymore. Supposing that it's not a fake bounce, I can only guess that a different envelope recipient has been specified (sender has been hacked?), or there's some bcc map or alias functionality involved on the recipient's MTA.
The following entities have been replaced with their respective placeholders:
%original sender%– a person who actually forwarded the bounce message to
%intended recipient%– the person who's worried about her security, because %original-sender% forwarded her this bounce message
%totally email@example.com– someone's email address, whom neither %original-sender% nor %intended-recipient% had correspondence with.
From: Mail Delivery System [mailto:Mailer-Daemon@]
Sent: Thursday, October 17, 2013 1:22 PM
To: %original sender%
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
**%totally unrelated%** @gmail.com SMTP error from remote mail server after end of data: host gmail-smtp-in.l.google.com [2a00:1450:4001:c02::1b]: 550-5.7.1 [ **%currently unreachable IPv6 address%** 16] Our system has detected 550-5.7.1 that this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 information. u47si3796594eel.284 - gsmtp ------ This is a copy of the message, including all the headers. ------ Return-path: <**%original sender%**> Received: from **%MX of intended recipient%** ([ **%IP address of MX of intended recipient%** ]) by **%another MTA in the network of recipient's ISP%** with esmtp (Exim 4.63 #1 (Debian)) id 1VWleU-0006QW-Pl from < **%original sender%** > for < **%totally unrelated%** @gmail.com>; Thu, 17 Oct 2013 13:22:02 +0200 Received: from **%MTA of sender's ISP%**([**%IP of MTA of sender's ISP%**]) by **%MX of intended recipient%** with esmtp (Exim 4.69 #1 (Debian)) id 1VWleU-0004oq-JG for <**%intended recipient%**>; Thu, 17 Oct 2013 13:22:02 +0200 Received: from **%sender's hostname%** (**%sender's PTR%**[ **%sender's IP%** ]) by **%MTA of sender's ISP%**(Postfix) with ESMTPA id 3d0nyG0hwJz1741X for <**%intended recipient%**>; Thu, 17 Oct 2013 13:21:41 +0200 (CEST) From: **%sender's name encoded%** <**%original sender%**> To: **%intended recipient's name encoded%** <**%intended recipient%**> References: <000c01cecb17$d9321ef0$8b965cd0$@tlh> In-Reply-To: <000c01cecb17$d9321ef0$8b965cd0$@tlh> Subject: **%subject line encoded%** Date: Thu, 17 Oct 2013 13:21:41 +0200 Message-ID: <00b701cecb2b$0dfd9d40$29f8d7c0$@**%sender's domain%**> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00B8_01CECB3B.D1866D40" X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQGITggPsq7UFiUmFwcnkdC2rH3HB5qFuXTQ Content-Language: tlh This is a multipart message in MIME format.
The end user is forwarding their email via the MTA (like /etc/aliases).