boucher


Walt Costanza

I realize that the email address and domain are spoofed.

The question is, is the ip that appears in the plain text headers
immediately after the spoofed domain name spoofed as well, or is the ip
that appears in the header, real?

Anyone know?
 
On that special day, Walt Costanza, ([email protected]) said...
The question is, is the ip that appears in the plain text headers
immediately after the spoofed domain name spoofed as well, or is the ip
that appears in the header, real?

In 99 percent or more of the cases it is real, because the mail
transport protocol is a dialogue. If the sender says: "I am helo (insert
name), sitting at the IP number www.xxx.yyy.zzz, and want to mail", it
waits for an answer like "I am the mail server and ready to receive your
mail. Please send it." This reply has to be sent back to the correct IP
number, else the sender cannot go to the next step and reply "I received
your permission, here is the text of the mail".


Gabriele Neukam

(e-mail address removed)
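
The distinction drawn in the reply above, as an added example that is not part of the original thread: it splits each Received header into the name the client announced (free text) and the peer IP the receiving server logged for the connection. It assumes the common `from HELO (rdns [IP]) by host` layout; the message, hostnames, addresses and the `our_hosts` parameter are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (RFC 5737 documentation addresses, .example domains).
RAW = """\
Received: from mail.bigbank.example (unknown [203.0.113.77])
\tby mx.recipient.example (Postfix) with SMTP id 4F2A1
\tfor <walt@recipient.example>; Tue, 02 Mar 2004 10:15:00 +0000
Received: from relay.bigbank.example (relay.bigbank.example [192.0.2.10])
\tby mail.bigbank.example with ESMTP; Tue, 02 Mar 2004 10:14:58 +0000
From: support@bigbank.example
Subject: constructed sample

body
"""

# Assumed layout: from <HELO name> (<reverse DNS> [<peer IP>]) by <host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")


def parse_received(raw, our_hosts):
    """Return one dict per Received header, newest first.

    helo    - name the client announced; the client chooses it freely
    ip      - peer address of the TCP connection, logged by the receiver
    trusted - True only while every header so far was written by one of
              our own servers (our_hosts, a hypothetical parameter);
              anything below that point arrived as part of the message
    """
    hops, chain_ok = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.match(" ".join(value.split()))  # unfold the header
        if m is None:
            chain_ok = False
            continue
        hop = m.groupdict()
        chain_ok = chain_ok and hop["by"].lower() in our_hosts
        hop["trusted"] = chain_ok
        hop["helo_matches_rdns"] = hop["helo"].lower() == hop["rdns"].lower()
        hops.append(hop)
    return hops


if __name__ == "__main__":
    for hop in parse_received(RAW, {"mx.recipient.example"}):
        print(hop)
```

Only the hop marked `trusted` carries an address your own server observed; headers below it were delivered as message content and prove nothing on their own.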
 