
Re: More on spam

On Sat, Oct 18, 2003 at 09:49:57AM -0600, Paul E Condon wrote:
> On Sat, Oct 18, 2003 at 02:39:27AM -0700, Paul Johnson wrote:
> > On Fri, Oct 17, 2003 at 01:03:31PM -0600, Paul E Condon wrote:
> > > I'm curious about how you can know that -every- From: address was valid.
> > > I think I do not understand how to make such a determination about where
> > > my mail is actually coming from. I would like to learn.
> > 
> > Compare envelope from (not the From: header) to the Received: headers.
> > 
> You presume too much about my knowledge. I use mutt. I turn on full headers.
> Which line in what I see is the 'envelope from'? 

The one right at the top beginning 'From ' (without a colon).

> Which are the 'Received: headers'?

The ones beginning 'Received:'

> Are there also headers that are not 'Received:'? 

The ones which don't begin 'Received:'

> Is it truly impossible for a program to spoof an 'envelope from'?

No, it's dead easy, but swen doesn't appear to do it. I've looked at a
couple of sets of swen headers; the envelope from was
'From windoze.user@some.isp.com' and the originating IP in the
Received: headers was part of a dialup block owned by some.isp.com, so
it does seem plausible that swen's envelope from is not spoofed. No
idea why not though.


Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
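The comparison described in this message, as an added example that is not part of the original post: it reads the mbox 'From ' line and the bottom-most Received: header and checks whether they agree. It assumes the receiving server recorded a reverse-DNS name in the `(name [ip])` form and uses that name in place of the netblock-ownership lookup the post describes; the sample message and all function names are constructed for illustration.

```python
import email
import re

# Constructed sample in mbox form (not from the thread). Line 1 is the envelope
# "From " line; 192.0.2.0/24 and 198.51.100.0/24 are documentation address space.
SAMPLE = """\
From windoze.user@some.isp.com Sat Oct 18 09:00:00 2003
Received: from mx.list.example (mx.list.example [198.51.100.7])
\tby mail.reader.example with ESMTP; Sat, 18 Oct 2003 09:00:05 -0600
Received: from pc (dialup-17.some.isp.com [192.0.2.17])
\tby mx.list.example with SMTP; Sat, 18 Oct 2003 09:00:01 -0600
From: "Someone Else" <victim@other.example>
Subject: sample

body
"""

# "from HELO (rdns-name [ip])" as written by many MTAs; the format varies by server.
HOP = re.compile(r"from\s+(\S+)\s+\((\S*?)\s*\[([0-9A-Fa-f.:]+)\]\)")

def envelope_sender(msg):
    """Address on the mbox 'From ' line (no colon), or None if absent."""
    parts = (msg.get_unixfrom() or "").split()
    return parts[1] if len(parts) > 1 and parts[0] == "From" else None

def originating_hop(msg):
    """Parse the bottom-most Received: header, i.e. the earliest recorded hop.
    Headers below the first server you trust can be forged by the sender."""
    received = msg.get_all("Received") or []
    m = HOP.search(received[-1]) if received else None
    return {"helo": m.group(1), "rdns": m.group(2).lower(), "ip": m.group(3)} if m else None

def check(raw):
    """Compare the envelope sender's domain with the originating host's rDNS name."""
    msg = email.message_from_string(raw)
    sender, hop = envelope_sender(msg), originating_hop(msg)
    result = {"envelope_from": sender, "header_from": msg["From"],
              "origin_ip": hop and hop["ip"], "origin_rdns": hop and hop["rdns"]}
    if not sender or "@" not in sender or not hop or not hop["rdns"]:
        return {**result, "verdict": "unknown"}
    domain = sender.rsplit("@", 1)[1].lower()
    same = hop["rdns"] == domain or hop["rdns"].endswith("." + domain)
    return {**result, "verdict": "consistent" if same else "mismatch"}

if __name__ == "__main__":
    print(check(SAMPLE))
```

A "consistent" verdict only means the envelope sender and the recorded origin agree; it does not authenticate either one.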
