Re: fake email

From: Wary (noaddress_at_forme.com)
Date: 08/10/04


Date: Tue, 10 Aug 2004 10:37:35 GMT


"Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message
news:Xns954075A4A2499juergennieveler@nieveler.org...
> "Wary" <noaddress@forme.com> wrote:
>
> > How do I detect if this has been done?
>
> Check the header generated by your mailserver on delivery (the line
> saying where he received the mail from) to see if it matches the rest
> of the headers (coming from the same ISP, for example).
>
> Everything else can be faked, and there's no way to tell if it is.
>

Does this extract from a SpamCop report show the headar is a fake?

Parsing header:

Received: from f6.mail.ru ([194.67.57.36]) by mta07-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id
<20040806123006.RYVN15997.mta07-svc.ntlworld.com@f6.mail.ru> for <x>; Fri, 6
Aug 2004 13:30:06 +0100
194.67.57.36 found
host 194.67.57.36 = f6.mail.ru (cached)
host f6.mail.ru (checking ip) = 194.67.57.36
Possible spammer: 194.67.57.36
Received line accepted
Relay trusted (194.67.57.36)

Received: from mail by f6.mail.ru with local id 1Bt3qz-000OLg-00 for x;
Fri, 06 Aug 2004 16:29:45 +0400

Ignored

Received: from [62.254.161.34] by win.mail.ru with HTTP; Fri, 06 Aug 2004
16:29:45 +0400
no from
62.254.161.34 found
host 62.254.161.34 (getting name) no name
Possible spammer: 62.254.161.34
Possible relay: 194.67.57.36
194.67.57.36 not listed in relays.ordb.org.
194.67.57.36 has already been sent to relay testers
Received line accepted