Interesting:

 

172.18.149.18 is reserved to IANA,

172.20.115.199 is also IANA,

212.181.166.148 belongs to Telia Network Services of Italy,

79.36.235.225 is reserved to IANA,

66.205.72.214 belongs to NET1PLUS of Massachusetts,

132.250.151.173 belongs to the US Naval Research Laboratory,

30.48.172.243 belongs to the US Defense Information Systems Agency,

156.12.175.63 belongs to Kutztown University in PA.

 

So, someone from Kutztown University forged the headers and sent it out.

 

Yes, you are correct in that is where it came from. (Most Likely)

 

As has been said in past posts, what is to keep you from putting a fake return address on an envelope and then putting it in the US Mail?

 

13:57 PDT 04/18/02

 

John Tolmachoff

IT Manager, Network Engineer

211 E. Imperial Hwy., Suite 106

Fullerton, CA  92835

714-578-7999, ext. 104

[EMAIL PROTECTED]

www.reliancesoft.com

 

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kris McElroy
Sent: Thursday, April 18, 2002 1:26 PM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] Spoofing Return Address

 

I need some help.  There is someone that is using my domain ardmore.com as the reply field.  If I am reading these headers right it looks like the email originated from the IP 156.12.175.63?  Is this correct? I need help understanding how to read this header, any help would be appreciated.

 

 

 

 Return-Path: <[EMAIL PROTECTED]>
Received: from  rly-st07.mail.aol.com (rly-st07.mail.aol.com [172.18.149.18]) by air-xb01.mail.aol.com (v84.10) with ESMTP id MAILINXB14-0418081123; Thu, 18 Apr 2002 08:11:23 -0400
Received: from rly-xg02.mx.aol.com (rly-xg02.mail.aol.com [172.20.115.199])
  by rly-st07.mail.aol.com (8.8.8/8.8.8/AOL-5.0.0)
  with ESMTP id IAA25352;
  Thu, 18 Apr 2002 08:07:28 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from  ardmore.com (h148n3fls20o974.telia.com [212.181.166.148]) by rly-xg02.mx.aol.com (v84.15) with ESMTP id MAILRELAYINXG25-0418080644; Thu, 18 Apr 2002 08:06:44 -0400
Received: from [79.36.235.225] by sydint1.microthink.com.au with NNFMP; Thu, 18 Apr 2002 12:34:16 -0400
Received: from [66.205.72.214] by m10.grp.snv.yahui.com with esmtp; 18 Apr 2002 08:32:14 -0300
Received: from m10.grp.snv.yahui.com ([132.250.151.173])
by da001d2020.loxi.pianstvu.net with esmtp; 18 Apr 2002 05:30:12 +0400
Received: from unknown (30.48.172.243)
by m10.grp.snv.yahui.com with asmtp; Thu, 18 Apr 2002 09:28:10 -0400
Received: from 156.12.175.63 ([156.12.175.63]) by smtp013.mail.yahou.com with esmtp; Thu, 18 Apr 2002 05:26:08 -0500
Reply-To: <[EMAIL PROTECTED]>
Message-ID: <028a85e45c2b$1446e1a6$5ce46ea0@xlkcgx>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
        <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
        <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
        <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
        <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
        <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Never a Better time!
Date: Wed, 17 Apr 2002 16:26:59 +0800
MiME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00D5_02A33D2A.E8380B13"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Importance: Normal

 

Thanks,
 

 

Kris McElroy
[EMAIL PROTECTED]
 
Internet Systems Engineer
Duracom, INC.
www.duracom.net
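
One mechanical check for a Received chain like the one quoted above, as an added example that is not part of either poster's message: each server prepends its own header, so the host named after `from` in one header should be the `by` host of the header below it. The function names and the trimmed copy of the headers (ids and dates dropped) are this example's own.

```python
import re

# Received lines copied from the message above, newest first, ids and dates trimmed.
RECEIVED = [
    "from rly-st07.mail.aol.com (rly-st07.mail.aol.com [172.18.149.18]) by air-xb01.mail.aol.com (v84.10) with ESMTP",
    "from rly-xg02.mx.aol.com (rly-xg02.mail.aol.com [172.20.115.199]) by rly-st07.mail.aol.com (8.8.8/8.8.8/AOL-5.0.0) with ESMTP",
    "from ardmore.com (h148n3fls20o974.telia.com [212.181.166.148]) by rly-xg02.mx.aol.com (v84.15) with ESMTP",
    "from [79.36.235.225] by sydint1.microthink.com.au with NNFMP",
    "from [66.205.72.214] by m10.grp.snv.yahui.com with esmtp",
    "from m10.grp.snv.yahui.com ([132.250.151.173]) by da001d2020.loxi.pianstvu.net with esmtp",
    "from unknown (30.48.172.243) by m10.grp.snv.yahui.com with asmtp",
    "from 156.12.175.63 ([156.12.175.63]) by smtp013.mail.yahou.com with esmtp",
]

HOP = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?\s*by\s+(\S+)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_hop(line):
    """Split one Received value into the sender's names, its IP and the stamping host."""
    m = HOP.search(line)
    if not m:
        raise ValueError("not a Received value: %r" % line)
    helo, comment, by = m.group(1), m.group(2) or "", m.group(3)
    # Names the stamping server recorded for its peer: the announced name
    # plus anything in the parenthesised comment (reverse DNS, IP).
    names = {helo.strip("[]").lower()}
    names |= {t.lower() for t in re.split(r"[\s\[\]]+", comment) if t}
    ip = IPV4.search(comment) or IPV4.search(helo)
    return {"by": by.lower(), "sender_names": names, "ip": ip.group(0) if ip else None}


def first_unlinked_hop(received):
    """Walk top-down; return (index, hop) of the first header whose sender
    is not the server that stamped the header directly below it."""
    hops = [parse_hop(line) for line in received]
    for i in range(len(hops) - 1):
        if hops[i + 1]["by"] not in hops[i]["sender_names"]:
            return i, hops[i]
    return len(hops) - 1, hops[-1]


if __name__ == "__main__":
    idx, hop = first_unlinked_hop(RECEIVED)
    print("chain links down to header %d: %s recorded peer %s" % (idx, hop["by"], hop["ip"]))
```

A name match is only a heuristic, since a relay may stamp a different name than the one it announces, which is why the walk starts from the receiving server's own header and works downward.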
