Re: fake email

From: Wary (noaddress_at_forme.com)
Date: 08/10/04

  • Next message: Tyrant: "Firewalls....."
    Date: Tue, 10 Aug 2004 14:00:26 GMT
    
    

    "Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message
    news:Xns954193D54535Cjuergennieveler@nieveler.org...
    > "Wary" <noaddress@forme.com> wrote:
    >
    > > Does this extract from a SpamCop report show the headar is a fake?
    > >
    > > Parsing header:
    > >
    > > Received: from f6.mail.ru ([194.67.57.36]) by mta07-svc.ntlworld.com
    > > (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id
    > ><20040806123006.RYVN15997.mta07-svc.ntlworld.com@f6.mail.ru> for <x>;
    > > Fri, 6 Aug 2004 13:30:06 +0100
    > > 194.67.57.36 found
    > > host 194.67.57.36 = f6.mail.ru (cached)
    > > host f6.mail.ru (checking ip) = 194.67.57.36
    >
    > Checks with the nslookup I just did - f6.mail.ru is 194.67.57.36. So if
    > the above is the last received-line added to the headers, you are
    > sitting behind mta07-svc.ntlworld.com, and this machine has indeed
    > received that mail from f6.mail.ru, unless there's somebody out there
    > who is terribly good as IP-spoofing.
    >
    > Every Received-Header below this one could possibly be faked, as
    > f6.mail.ru could have added it himself...
    >

    what looked suspicious to me was that SpamCop i gnored the second Received
    line ( from mail by f6.mail.ru with local id 1Bt3qz-000OLg-00 for x;
    Fri, 06 Aug 2004 16:29:45 +0400)

    I freely admit this is a subject with which I am unfamiliar.


  • Next message: Tyrant: "Firewalls....."