[dba-Tech] Spam trace

Stuart McLachlan stuart at lexacorp.com.pg
Sun Feb 12 16:35:57 CST 2006


On 12 Feb 2006 at 17:25, Bryan Carbonnell wrote:

> On 12/02/06, Rocky Smolin - Beach Access Software <bchacc at san.rr.com> wrote:
> > Can't be traced from the headers, then? (Just fishing here.  I have no
> > idea what I'm talking about.)
> 
> It can be traced via the headers, sort of. Unfortunately the headers
> can be forged too.
> 
> Assuming that the headers you posted are all the headers, and they
> haven't been forged, the e-mail came from 213.208.215.253
> 
> It's these 2 headers that tell me that:
> 
> Received: from 213.208.215.253
>        (SquirrelMail authenticated user sales at abnamro.com);
>        by coastalmailing.com with HTTP id J85Gz005549515;
>        Sun, 12 Feb 2006 11:14:30 +0000
> Message-Id: <tSsMvO.squirrel at 213.208.215.253>
> 
> But, I wouldn't bet your coffee money on them not being forged.
> 

I'd bet the 213.208.215.253 is forged. It doesn't resolve.

The only one you can trust is the last Received header since that's your 
own mail server's connection and the address is the one that your server 
was sending its responses to.  In this case, since it's a dynamic address 
in .tw, I'd bet my coffee money on that being the actual originator of the 
email.



-- 
Stuart
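A worked illustration of the trust rule Stuart describes, added here as an example and not code from the thread or its posters: parse the Received: chain newest-first and stop at the first hop stamped by the MTA you control, because only that hop records a TCP connection your own server saw; everything below it was already inside the message when it arrived. The sample message, the mx.example.net and webmail.example.org host names and the 203.0.113.45 address are constructed placeholders; the 213.208.215.253 hop mirrors the SquirrelMail line quoted above.

```python
"""Trace a message's Received: chain and report the one hop worth trusting.

Added example for the thread above, not code from the list or its posters.
Only the Received: line written by the MTA we operate describes a TCP
connection we actually observed; every line below it arrived inside the
message and could have been typed by the sender.
"""
import re
from email import message_from_string

# The MTA we control (constructed placeholder for this example).
OUR_MTA = "mx.example.net"

# Constructed sample: the top hop is what our own server stamped, the hop
# below it mirrors the SquirrelMail line quoted in the thread. The host
# names and 203.0.113.45 are documentation placeholders, not real senders.
SAMPLE = (
    "Received: from 203-0-113-45.dynamic.example.net ([203.0.113.45])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 4F2A1B\n"
    "\tfor <victim@example.net>; Sun, 12 Feb 2006 11:14:33 +0000\n"
    "Received: from 213.208.215.253\n"
    "\t(SquirrelMail authenticated user sales@example.org);\n"
    "\tby webmail.example.org with HTTP id J85Gz005549515;\n"
    "\tSun, 12 Feb 2006 11:14:30 +0000\n"
    "Message-Id: <tSsMvO.squirrel@213.208.215.253>\n"
    "From: sales@example.org\n"
    "To: victim@example.net\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)
BRACKET_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BARE_IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_received(raw_message):
    """Return the Received: hops as dicts, newest first (message order)."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        frm = FROM_RE.search(text)
        by = BY_RE.search(text)
        # Prefer the bracketed literal: that is the peer address the
        # receiving MTA observed, not the name the client announced.
        ip = BRACKET_IP_RE.search(text) or BARE_IP_RE.search(text)
        hops.append({
            "from": frm.group(1) if frm else None,
            "by": by.group(1).rstrip(".").lower() if by else None,
            "ip": ip.group(1) if ip else None,
            "raw": text,
        })
    return hops


def originator(raw_message, our_mta=OUR_MTA):
    """Return (ip, trusted_hop, untrusted_hops).

    Walk newest-first to the first hop stamped 'by' our own MTA. Its
    'from' address is the host our server was actually talking to. Hops
    above it (if any) are our own internal relays; hops below it were
    already inside the message when it arrived and cannot be verified.
    """
    hops = parse_received(raw_message)
    for i, hop in enumerate(hops):
        if hop["by"] == our_mta.lower():
            return hop["ip"], hop, hops[i + 1:]
    return None, None, hops  # our MTA never stamped it: nothing to trust


if __name__ == "__main__":
    ip, hop, rest = originator(SAMPLE)
    print("connection our MTA saw came from:", ip)
    for h in rest:
        print("unverifiable (inside message on arrival):", h["raw"])
```

The reverse-DNS check Stuart applies ("it doesn't resolve") is deliberately left out so the example runs offline; feed the returned address to socket.gethostbyaddr if you want that step, and treat a lookup failure as one more reason to distrust the hop.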
