Re: fake email
From: Wary (noaddress_at_forme.com)
Date: Tue, 10 Aug 2004 14:00:26 GMT
"Juergen Nieveler" <email@example.com> wrote in message
> "Wary" <firstname.lastname@example.org> wrote:
> > Does this extract from a SpamCop report show the headar is a fake?
> > Parsing header:
> > Received: from f6.mail.ru ([18.104.22.168]) by mta07-svc.ntlworld.com
> > (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id
> ><20040806123006.RYVN15997.email@example.com> for <x>;
> > Fri, 6 Aug 2004 13:30:06 +0100
> > 22.214.171.124 found
> > host 126.96.36.199 = f6.mail.ru (cached)
> > host f6.mail.ru (checking ip) = 188.8.131.52
> Checks with the nslookup I just did - f6.mail.ru is 184.108.40.206. So if
> the above is the last received-line added to the headers, you are
> sitting behind mta07-svc.ntlworld.com, and this machine has indeed
> received that mail from f6.mail.ru, unless there's somebody out there
> who is terribly good as IP-spoofing.
> Every Received-Header below this one could possibly be faked, as
> f6.mail.ru could have added it himself...
what looked suspicious to me was that SpamCop i gnored the second Received
line ( from mail by f6.mail.ru with local id 1Bt3qz-000OLg-00 for x;
Fri, 06 Aug 2004 16:29:45 +0400)
I freely admit this is a subject with which I am unfamiliar.