Re: a question on email headers

To: debian-user@lists.debian.org
Subject: Re: a question on email headers
From: Anders Holmstrom <andersh@silcraft.com.au>
Date: Tue, 15 Apr 2003 19:11:50 +1000
Message-id: <[🔎] 5.2.0.9.0.20030415190401.00a09e00@its2>
In-reply-to: <[🔎] 200304150234.52014.ad19@freeelectron.net>

At 02:34 AM 15/04/03 -0600, Al Davis wrote:

I am curious how reliable the IP address in email headers is.

For example, here's a header:
(changed a little so I don't give away anyones real address)

Received: from foo.bar.edu ([192.168.99.199])
        by my.computer.net with esmtp (Exim 3.35 #1 (Debian))
        id 195LgM-0001Yv-00
        for <me@my.computer.net>; Tue, 15 Apr 2003 02:20:46 -0600
Received: (from davialbe@localhost)
        by foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444
        for me@my.computer.net; Tue, 15 Apr 2003 02:21:56 -0600
<snip>
How reliable is it really?  How easy is it to spoof?

I was under the impression that the IP in the Received header is the onething you CANNOT forge.

Of course you can (and spammers frequently do) forge a whole Receivedheader so you can only rely on the last one (which is the first one fromthe top :-).


Anders.

Reply to:

Follow-Ups:
- Re: a question on email headers
  - From: Paul Johnson <baloo@ursine.dyndns.org>

References:
- a question on email headers
  - From: Al Davis <ad19@freeelectron.net>

Prev by Date: stl + g++-3.2
Next by Date: Re: a question on email headers
Previous by thread: a question on email headers
Next by thread: Re: a question on email headers
Index(es):
- Date
- Thread