On Sat, Oct 18, 2003 at 09:49:57AM -0600, Paul E Condon wrote: > On Sat, Oct 18, 2003 at 02:39:27AM -0700, Paul Johnson wrote: > > On Fri, Oct 17, 2003 at 01:03:31PM -0600, Paul E Condon wrote: > > > I'm curious about how you can know that -every- From: address was valid. > > > I think I do not understand how to make such a determination about where > > > my mail is actually coming from. I would like to learn. > > > > Compare envelope from (not the From: header) to the Received: headers. > > > > You presume to much about my knowledge. I use mutt. I turn on full headers. > Which line in what I see is the 'envelope from'?
The one right at the top beginning 'From ' (without a colon). > Which are the 'Received: headers'? The ones beginning 'Received:' > Are there also headers that are not 'Received:'? The ones which don't begin 'Received:' > Is it truly impossible for a program to spoof an 'envelope form'? No, it's dead easy, but swen doesn't appear to do it. I've looked at a couple of sets of swen headers; the envelope from was 'From [EMAIL PROTECTED]' and the originating IP in the Received: headers was part of a dialup block owned by some.isp.com, so it does seem plausible that swen's envelope from is not spoofed. No idea why not though. -- Pigeon Be kind to pigeons Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
pgp00000.pgp
Description: PGP signature