a question on email headers
I am curious how reliable the IP address in email headers is.
For example, here's a header:
(changed a little so I don't give away anyone's real address)
Received: from foo.bar.edu ([192.168.99.199])
        by my.computer.net with esmtp (Exim 3.35 #1 (Debian))
        id 195LgM-0001Yv-00
        for <me@my.computer.net>; Tue, 15 Apr 2003 02:20:46 -0600
Received: (from davialbe@localhost)
        by foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444
        for me@my.computer.net; Tue, 15 Apr 2003 02:21:56 -0600
That's all of the "Received" headers on this mail. I know this
one is ok (except for the changes I made myself). I sent it
myself, from another system.
My question is about that IP address. That header was generated
by my computer. The address agrees with the one in the log
file (/var/log/exim/mainlog). The name does, too.
I would like to believe that is the real address it came from.
How reliable is it really? How easy is it to spoof?
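An added example, not part of the original post: the manual check described above (comparing the bracketed address in the Received line written by my.computer.net with the matching /var/log/exim/mainlog entry) as a script. The mainlog line is constructed and its layout is assumed to be Exim's usual `<=` arrival entry; the function names are hypothetical. Only the Received line stamped by your own host is consulted, since the lines below it are supplied by the sending side.

```python
import re
from email import message_from_string

# Constructed sample: the headers quoted in the post plus a minimal body.
RAW = (
    "Received: from foo.bar.edu ([192.168.99.199])\n"
    "\tby my.computer.net with esmtp (Exim 3.35 #1 (Debian))\n"
    "\tid 195LgM-0001Yv-00\n"
    "\tfor <me@my.computer.net>; Tue, 15 Apr 2003 02:20:46 -0600\n"
    "Received: (from davialbe@localhost)\n"
    "\tby foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444\n"
    "\tfor me@my.computer.net; Tue, 15 Apr 2003 02:21:56 -0600\n"
    "\nbody\n"
)
# Constructed mainlog line (layout assumed: Exim "<=" arrival entry).
MAINLOG = ("2003-04-15 02:20:46 195LgM-0001Yv-00 <= davialbe@foo.bar.edu "
           "H=foo.bar.edu [192.168.99.199] P=esmtp S=612\n")

# "from NAME ([IP]) by HOST ... id MSGID", as in the first header above.
HOP = re.compile(r"from\s+(?P<name>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+"
                 r"by\s+(?P<by>\S+).*?\bid\s+(?P<id>\S+)", re.S)
LOG = re.compile(r"^\S+ \S+ (?P<id>\S+) <= \S+ H=(?P<name>\S+).*?\[(?P<ip>[^\]]+)\]")

def trusted_hop(raw, my_host):
    """Newest-first scan; return the first hop stamped by my_host, or None."""
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m and m.group("by").lower() == my_host.lower():
            return m.groupdict()
    return None

def log_entry(mainlog, msg_id):
    """Return the arrival entry for msg_id from mainlog text, or None."""
    for line in mainlog.splitlines():
        m = LOG.match(line)
        if m and m.group("id") == msg_id:
            return m.groupdict()
    return None

def confirmed_peer_ip(raw, mainlog, my_host):
    """IP from my_host's own Received line, only if mainlog agrees."""
    hop = trusted_hop(raw, my_host)
    entry = log_entry(mainlog, hop["id"]) if hop else None
    if entry and entry["ip"] == hop["ip"]:
        return hop["ip"]
    return None

if __name__ == "__main__":
    print(confirmed_peer_ip(RAW, MAINLOG, "my.computer.net"))
```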