Re: a question on email headers
At 02:34 AM 15/04/03 -0600, Al Davis wrote:
I am curious how reliable the IP address in email headers is.
For example, here's a header:
(changed a little so I don't give away anyone's real address)
Received: from foo.bar.edu ([192.168.99.199])
    by my.computer.net with esmtp (Exim 3.35 #1 (Debian))
    for <firstname.lastname@example.org>; Tue, 15 Apr 2003 02:20:46 -0600
Received: (from davialbe@localhost)
    by foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444
    for email@example.com; Tue, 15 Apr 2003 02:21:56 -0600
How reliable is it really? How easy is it to spoof?
I was under the impression that the IP in the Received header is the one
thing you CANNOT forge.
Of course you can (and spammers frequently do) forge a whole Received
header so you can only rely on the last one (which is the first one from
the top :-).
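
Added example, not part of the original message: a Python sketch of the rule above, which takes the peer IP only from the topmost Received header and only when that header was stamped by a server you run, and treats every lower header as unverified. The function names, the trusted-host set and the third (forged) Received line are assumptions constructed for illustration; the first two headers are the ones quoted in the post.

```python
import re
from email import message_from_string

# First two Received headers are quoted from the post; the third is a
# constructed forgery of the kind a sender can prepend before submission.
RAW = """\
Received: from foo.bar.edu ([192.168.99.199])
\tby my.computer.net with esmtp (Exim 3.35 #1 (Debian))
\tfor <firstname.lastname@example.org>; Tue, 15 Apr 2003 02:20:46 -0600
Received: (from davialbe@localhost)
\tby foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444
\tfor email@example.com; Tue, 15 Apr 2003 02:21:56 -0600
Received: from mx.bank.example ([203.0.113.7])
\tby relay.bank.example with esmtp; Tue, 15 Apr 2003 02:19:00 -0600
Subject: test

body
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _received(raw):
    """Return all Received header values, top first, with folding removed."""
    msg = message_from_string(raw)
    return [" ".join(v.split()) for v in (msg.get_all("Received") or [])]


def trusted_hop(raw, trusted_hosts):
    """Return (by_host, peer_ip) from the topmost Received header, or None
    if that header was not stamped by one of our own servers."""
    headers = _received(raw)
    if not headers:
        return None
    by = BY_RE.search(headers[0])
    if not by or by.group(1).lower() not in trusted_hosts:
        return None
    ip = IP_RE.search(headers[0])
    return (by.group(1).lower(), ip.group(1) if ip else None)


def unverified_ips(raw):
    """IPs claimed by headers below the top one: sender-controlled data."""
    return [ip for h in _received(raw)[1:] for ip in IP_RE.findall(h)]


if __name__ == "__main__":
    print("trusted:", trusted_hop(RAW, {"my.computer.net"}))
    print("unverified:", unverified_ips(RAW))
```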