[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: a question on email headers

At 02:34 AM 15/04/03 -0600, Al Davis wrote:
I am curious how reliable the IP address in email headers is.

For example, here's a header:
(changed a little so I don't give away anyones real address)

Received: from foo.bar.edu ([])
        by my.computer.net with esmtp (Exim 3.35 #1 (Debian))
        id 195LgM-0001Yv-00
        for <me@my.computer.net>; Tue, 15 Apr 2003 02:20:46 -0600
Received: (from davialbe@localhost)
        by foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444
        for me@my.computer.net; Tue, 15 Apr 2003 02:21:56 -0600
How reliable is it really?  How easy is it to spoof?

I was under the impression that the IP in the Received header is the one thing you CANNOT forge.

Of course you can (and spammers frequently do) forge a whole Received header so you can only rely on the last one (which is the first one from the top :-).


Reply to: