> Actually, the bracket doesn't mean it is fake. The bracket just indicates > an IP address. This header means that the mailserver claims to be called > out016.verizon.net, and that it received the E-mail from a mailserver (or > mail client) claiming to be "Saturmqc", from the IP 63.160.179.245.
Ok, I figured fake since it was a KLEZ sent mail message..........
It's (virtually) impossible for a virus, spammer, or hacker to forge an IP address. What they *can* forge, very easily, is Received: headers.
In this case, Klez will often use *.verizon.net mailservers to spread (apparently, they are open relays). So the Received: header was almost certainly added by Verizon, which would mean that the virus could not forge it.
> Most likely, this E-mail *did* originate from 63.160.179.245. The only way
> to be sure is to have verizon.net confirm it, but they are very unlikely to
> do that, given the volume of viruses that are transmitted via their
> mailservers.
Hmmm, that's really odd. When someone logs onto our system and is assigned an an IP, and this particular one was not in us at the time of this.... least not issued by us.......
Have you double-checked and triple-checked? -Scott
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
