Robin
Are the relays server bots or legitimate smtp email servers?

hba2pd
Robin said: Are the relays server bots or legitimate smtp email servers?
Is there any way to know the originating place of the email?

F.H. Muffman
hba2pd said: Is there any way to know the originating place of the email?
With a very high level of certainty, any user can find the SMTP server on
the internet that accepted the message originally.
With a mid-level of certainty, any user can find the IP address of the
machine that submitted the message to that server. I'm not sure there is any
data out there on how much spam comes from a forged IP address.
Now, taking a look at the headers you posted earlier, let's edit it down to
the applicable headers:
Received: by 10.78.12.19 with SMTP id 19cs1718667hul;
        Sun, 25 Mar 2007 17:50:50 -0700 (PDT)
Received: by 10.100.7.18 with SMTP id 18mr4452102ang.1174870249836;
        Sun, 25 Mar 2007 17:50:49 -0700 (PDT)
Return-Path: <[email protected]>
Received: from Unknown (24-196-86-114.dhcp.mdsn.wi.charter.com [24.196.86.114])
        by mx.google.com with ESMTP id c37si12687764ana.2007.03.25.17.50.42;
        Sun, 25 Mar 2007 17:50:49 -0700 (PDT)
Received-SPF: fail (google.com: domain of (e-mail address removed) does not
        designate 24.196.86.114 as permitted sender)
To: "June" <[email protected]>
This email appears to have been handed directly to Google's mail server,
based on the lowest Received: header. The IP address of the machine that
handed the message to the server is 24.196.86.114, which would appear to be
a dsl/cable modem/modem connection through an ISP.
Do I trust that that's actually the machine that sent it? Maybe. It is odd
that a messaging client spoke directly to a mail server that it wouldn't
normally be talking to, and messages to Google's mail server that weren't
for a Google/Gmail address would be refused. Now, a custom-built spam
program might be smart enough to do MX record lookups and speak directly to
the applicable server, as well as a zombified machine might be written
specifically to do it.
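The header walk F.H. Muffman describes (read the Received: chain from the bottom, take the bracketed IP the accepting MX recorded, then check it against the SPF verdict) as an added Python example; this is not code from the thread, and the sample header block is a constructed copy of the headers quoted above, with the forum's redactions kept as posted.

```python
import re

# Constructed sample: the headers quoted in the thread, folded as RFC 5322 allows.
RAW_HEADERS = """\
Received: by 10.78.12.19 with SMTP id 19cs1718667hul;
        Sun, 25 Mar 2007 17:50:50 -0700 (PDT)
Received: by 10.100.7.18 with SMTP id 18mr4452102ang.1174870249836;
        Sun, 25 Mar 2007 17:50:49 -0700 (PDT)
Return-Path: <[email protected]>
Received: from Unknown (24-196-86-114.dhcp.mdsn.wi.charter.com [24.196.86.114])
        by mx.google.com with ESMTP id c37si12687764ana.2007.03.25.17.50.42;
        Sun, 25 Mar 2007 17:50:49 -0700 (PDT)
Received-SPF: fail (google.com: domain of (e-mail address removed) does not
        designate 24.196.86.114 as permitted sender)
"""

def unfold(raw):
    """Join folded continuation lines (leading whitespace) back onto their header."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += " " + line.strip()
        else:
            fields.append(line.rstrip())
    return fields

def received_chain(fields):
    """Received: values in transit order: the lowest header (first hop) comes first.
    Each relay prepends its own line, so the bottom line is the oldest."""
    hops = [f[len("Received:"):].strip() for f in fields if f.startswith("Received:")]
    return list(reversed(hops))

def first_external_hop(fields):
    """First hop recording a 'from HELO (rdns [ip]) by server' handoff. The bracketed
    IP is what the accepting server saw on the TCP connection, so it is the value to
    trust; the HELO name and anything the submitter put below this line are not."""
    for hop in received_chain(fields):
        m = re.match(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)\s+by\s+(\S+)", hop)
        if m:
            return {"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3), "by": m.group(4)}
    return None

def spf_result(fields):
    """Bare SPF verdict (pass/fail/softfail/...) from the Received-SPF: header, if any."""
    for f in fields:
        if f.startswith("Received-SPF:"):
            return f.split(":", 1)[1].strip().split()[0]
    return None

def assess(raw):
    """What the chain tells a defender: where the MX got the message and whether the
    claimed sender domain authorised that IP."""
    fields = unfold(raw)
    hop = first_external_hop(fields)
    return {"origin_ip": hop["ip"] if hop else None,
            "accepted_by": hop["by"] if hop else None,
            "spf": spf_result(fields)}
```

Run `assess(RAW_HEADERS)` to get the origin IP, the MX that accepted it, and the SPF verdict in one dict; a fail verdict on a residential-looking reverse DNS name is the combination the post flags as suspicious.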