How can email possibly be routed to the right place with no to: address?
I'm no novice on networking technology, but one thing I don't really know much about in detail is email and headers. How does email work SPECIFICALLY?
I'm getting spam in my hotmail inbox when I've made painful attempts to not give out my actual email. I use my own domain name to forward email to my inbox using several aliases. Yet now I'm getting spam with no address in the to: line, or also "undisclosed recipients". Looking at the headers is of no help whatsoever.
So from a technical standpoint, I have to wonder... if I send an email to a certain address in my personal domain and it gets forwarded to my hotmail account, how does hotmail know what inbox to dump the message in if that address is not listed in the headers?
This is a fairly common source of confusion. There are two places in a standard email transmission where the to: address is specified - once in the "envelope" and once in the visible email headers.
The envelope recipient address is specified during the SMTP transaction, and you will never see the value that is set there. It is solely used by the SMTP server to route the message.
The to: header in the email itself is optional, which is what you're seeing in your hotmail account.
Here's the flow of a standard SMTP transaction:
erik@host:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost ESMTP Postfix (Ubuntu)
helo example.com
250 localhost
mail from: [email protected]
250 2.1.0 Ok
rcpt to: [email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
To: [email protected]
Subject: This is the subject
This is the message body.
.
250 2.0.0 Ok: queued as 19CE221FDA
The address specified after rcpt to: is the the envelope recipient address. The address specified in the to: line after data is what shows up in your email client. These two values do not have to match, and as mentioned earlier, the to: in the data portion is optional.
To add to ErikA's answer: think of a regular letter you send by post. You write the letter on some kind of stationary with a letterhead, containing sender and recipient addresses, a subject line and other information. A classical example is shown here: http://en.wikipedia.org/wiki/File:Einstein_Szilard_p1.jpg. This corresponds to the email headers your mail client displays.
Then you put that written letter into an envelope. The information in the letter is not visible to anyone, because the letter is stuffed into the envelope. You have to write the sender and recipient addresses on the envelope itself for the post office to be able to deliver the letter. This corresponds to SMTP envelope headers.
If the information on the envelope is not correct the post office cannot and will not deliver the letter. SMTP behaves just the same.
If, however, the actual letter itself does not contain a proper letterhead there are no real consequences. Sure, the recipient will not be pleased and your letter will be considered bad form, but this does not affect the post's ability to deliver the letter. The post only looks at the envelope, not the actual letter itself. Email delivery via SMTP works the same way. It even uses similar terminology.
Because of this you can find email in your inbox that does not have proper email headers, such as To:, From: or Subject:. What matters for delivery are the SMTP envelope headers. Nothing else.