Re: A request to all mail admins
From: Nico Kadel-Garcia (nkadel_at_verizon.net)
Date: 08/29/03
- In reply to: Alan Connor: "Re: A request to all mail admins"
Date: Fri, 29 Aug 2003 12:01:53 GMT
Alan Connor wrote:
> If that was the case, then wouldn't it be easy to track them down?
It is. But reading the "Received" lines is usually done by hand, since
various SMTP servers and clients have somewhat different but legal
formats for writing them, depending on the host names. Usually you have
to read them carefully to get the IP address of the sending machine,
then look up the real admins or upstream feed for that site to send your
protest to the right admins. You can take a very good guess at the
original source by parsing all the Received lines, sorting them by time,
and making sure that line A leads to line B to line C, etc.
Forgers of "Received" lines, who are usually spam authors avoiding
automated filters and not virus authors, seem to find it quite difficult
to do correctly. Usually there are big, odd time gaps, often inverted,
and missing SMTP servers in the chain they list.
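
The check described in the message above, as an added example that is not part of the original post: parse the Received lines, order them oldest-first, and flag links where one line does not lead to the next or the timestamps jump or run backwards. The function names, the one-hour gap threshold and the sample headers are assumptions made for illustration; a host-name mismatch is only a cue for the by-hand reading the post describes.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (reserved example domains, documentation IPs); bottom line plays the forgery.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP; Fri, 29 Aug 2003 12:01:50 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with SMTP; Fri, 29 Aug 2003 12:01:45 +0000
Received: from bigisp.example (unknown [203.0.113.5])
\tby fake-hub.example with SMTP; Sat, 30 Aug 2003 03:00:00 +0000
Subject: constructed sample

body
"""

def parse_hops(raw):
    """Return hops oldest-first (each server prepends its own Received line)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        info, _, stamp = " ".join(value.split()).rpartition(";")  # unfold, split off date
        frm = re.search(r"\bfrom\s+(\S+)", info)
        by = re.search(r"\bby\s+(\S+)", info)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info)
        hops.append({"from": frm.group(1).lower() if frm else None,
                     "by": by.group(1).lower() if by else None,
                     "ip": ip.group(1) if ip else None,
                     "time": parsedate_to_datetime(stamp.strip())})
    return hops[::-1]

def check_chain(hops, max_gap=timedelta(hours=1)):  # max_gap is an assumed threshold
    """Flag links where line A does not lead to line B, or the clock misbehaves."""
    findings = []
    for i, (a, b) in enumerate(zip(hops, hops[1:])):
        if a["by"] != b["from"]:
            findings.append((i, "broken-link"))   # heuristic: HELO names can differ
        delta = b["time"] - a["time"]
        if delta < timedelta(0):
            findings.append((i, "time-inverted"))
        elif delta > max_gap:
            findings.append((i, "time-gap"))
    return findings

def likely_origin(hops):
    """IP recorded by the oldest hop that sits above every flagged link."""
    flagged = [i for i, _ in check_chain(hops)]
    return hops[max(flagged) + 1 if flagged else 0]["ip"]
```

On the sample, the bottom line is flagged for both a broken link and an inverted timestamp, so the best guess at the source is the address recorded by the first server in the consistent part of the chain.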