guanxi
Hello,
Is it possible to spoof Received headers, without actually hacking the
receiving mail system?
I'm trying to pinpoint the source of a virus that spreads by e-mail.
Many factors point to one computer on one network, but the Received:
header on every msg points to a computer on a different network, a
thousand miles away.
I doubt it's feasible for a virus to forge the Received: header, since
I believe the receiving mail system (pair.com in this case) stamps it
on there.
For reference, below are the headers from one e-mail.
Thanks in advance,
Tom
Sample message headers. The Received line I'm referring to is the
earliest one, from Comcast by Pair.
(all e-mail addresses changed to (e-mail address removed))
==========================
Return-Path: <[email protected]>
Delivered-To: intelinc-intelligenceinc:[email protected]
X-Envelope-To: (e-mail address removed)
Received: (qmail 59778 invoked by uid 3186); 11 May 2004 03:20:26 -0000
Delivered-To: intelinc-intelligenceinc:[email protected]
Received: (qmail 59773 invoked from network); 11 May 2004 03:20:24 -0000
Received: from pcp04474417pcs.brmngh01.mi.comcast.net (HELO
oemcomputer.net) (68.40.27.77)
by peulik.pair.com with SMTP; 11 May 2004 03:20:24 -0000
Date: Mon, 10 May 2004 23:20:23 -0500
To: (e-mail address removed)
Subject: Notify from a known person ;-)
From: (e-mail address removed)
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------bwweayaoupdjwphharjj"
X-Spam-Filtered: b259681148507707756f433aa0fa902f
X-Spam-Status: No, hits=-101.5 required=3.5
tests=HTML_IMAGE_ONLY_04,MIME_HTML_ONLY,USER_IN_WHITELIST,NO_REAL_NAME,MIME_MISSING_BOUNDARY,BAYES_00,HTML_MESSAGE
X-Spam-Flag: NO
X-Spam-Level:
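A worked check for the question above, added here as an example and not part of the original post or of pair.com's software. A sender controls every header it transmits, including any Received: lines it chooses to prepend, but it cannot alter the line the receiving MTA stamps on arrival. Walking the chain from the top (most recent) down, the first line stamped "by" a host you operate that was handed the message "from" a host you do not operate is the trust boundary; the IP address in that line is what your server saw on the TCP connection, while the HELO string inside it was chosen by the sender. The sample messages are constructed from the headers quoted in the post (header folding restored, redacted addresses omitted); the second one adds a forged Received: line to show it is ignored. The trusted domain pair.com and the documentation addresses mail.example.net / 203.0.113.5 are assumptions for the example.

```python
"""Locate the trust boundary in a chain of Received: headers.

Added example, not code from the original post. Hosts in TRUSTED_DOMAINS are
the ones "we" operate (assumption: pair.com, as in the posted headers).
"""
import re
from email import message_from_string

TRUSTED_DOMAINS = ("pair.com",)  # assumption for this example

# "from <rdns> (HELO <helo>) (<ip>) by <host> ..." as stamped by the receiving MTA
HOP_RE = re.compile(
    r"from\s+(?P<rdns>\S+)"
    r"(?:\s+\(HELO\s+(?P<helo>[^)]+)\))?"
    r"\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
# qmail's purely local delivery stamps, e.g. "(qmail 59778 invoked by uid 3186); ..."
LOCAL_RE = re.compile(r"^\(qmail \d+ invoked", re.IGNORECASE)


def _trusted(host, domains=TRUSTED_DOMAINS):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def find_origin(raw_message, domains=TRUSTED_DOMAINS):
    """Return the hop that crossed the trust boundary, or None if none is found.

    The result records the connecting IP and reverse DNS (logged by our MTA),
    the HELO name (sender-chosen) and how many Received: lines sit below the
    boundary; those lower lines arrived inside the message and prove nothing.
    """
    msg = message_from_string(raw_message)
    hops = [" ".join(v.split()) for v in msg.get_all("Received", [])]
    for idx, hop in enumerate(hops):
        if LOCAL_RE.match(hop):
            continue  # internal qmail step, no new network handoff
        m = HOP_RE.search(hop)
        if not m or not _trusted(m["by"], domains):
            return None  # not stamped by us: nothing from here down is trustworthy
        if _trusted(m["rdns"], domains):
            continue  # relay between two of our own hosts
        return {
            "ip": m["ip"],
            "rdns": m["rdns"],
            "helo": (m["helo"] or "").strip(),
            "by": m["by"],
            "untrusted_hops_below": len(hops) - idx - 1,
        }
    return None


# Constructed sample: the Received: chain quoted in the post, folding restored.
REAL_MESSAGE = """\
Received: (qmail 59778 invoked by uid 3186); 11 May 2004 03:20:26 -0000
Received: (qmail 59773 invoked from network); 11 May 2004 03:20:24 -0000
Received: from pcp04474417pcs.brmngh01.mi.comcast.net (HELO
  oemcomputer.net) (68.40.27.77)
  by peulik.pair.com with SMTP; 11 May 2004 03:20:24 -0000
Date: Mon, 10 May 2004 23:20:23 -0500
Subject: Notify from a known person ;-)

body
"""

# Constructed sample: same chain, but the sender prepended a fake Received:
# line (documentation names/addresses) before handing the message to pair.com.
FORGED_MESSAGE = REAL_MESSAGE.replace(
    "Date:",
    "Received: from mail.example.net (HELO mail.example.net) (203.0.113.5)\n"
    "  by mx.example.net with SMTP; 11 May 2004 03:19:00 -0000\nDate:",
    1,
)

if __name__ == "__main__":
    print(find_origin(REAL_MESSAGE))
    print(find_origin(FORGED_MESSAGE))
```

In the posted headers the boundary hop is the one stamped by peulik.pair.com: the IP 68.40.27.77 and its reverse name in comcast.net were recorded by pair's server, whereas "oemcomputer.net" is only what the connecting machine said in HELO. Any Received: line that appears below that hop was carried inside the message and could have been written by the sending software.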