Re: a question on email headers
On Tue, 15 Apr 2003, Al Davis wrote:
> I am curious how reliable the IP address in email headers is.
> For example, here's a header:
> (changed a little so I don't give away anyones real address)
given the info, i'd guess
a. you sent from your davialbe acct
b. you received on your foo.bar.edu acct
easy to fake the domain name ... common thing of spammers
- do not belive the domain name unless you did a dns reverse
lookup of the ip#
am thinking, there should be another received line entry between
these 2 headers unless you used your "laptop" to send email
to your bar.edu acct from inside their lan
more header fun ??
> Received: from foo.bar.edu ([192.168.99.199])
ip# and supposed domain name of receiving mta
> by my.computer.net with esmtp (Exim 3.35 #1 (Debian))
> id 195LgM-0001Yv-00
> for <email@example.com>; Tue, 15 Apr 2003 02:20:46 -0600
> Received: (from davialbe@localhost)
receiving mta ... your laptop ??
> by foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444
> for firstname.lastname@example.org; Tue, 15 Apr 2003 02:21:56 -0600
you should also be using sendmail-8.12.9 instead since all
prior versions are supposedly susceptable to remote root exploit
> That's all of the "Received" headers on this mail. I know this
> one is ok (except for the changes I made myself). I sent it
> myself, from another system.
> My question is about that IP address. That header was generated
> by my computer. The address agrees with the one in the log
> file (/var/log/exim/mainlog). The name does, too.
> I would like to believe that is the real address it came from.
> How reliable is it really? How easy is it to spoof?
> To UNSUBSCRIBE, email to email@example.com
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org