Ok let me get this one straight! The IP address that shows up in the remote IP address block is a legit way to track these?
Correct.
So in the returned mail below the guilt party would be: 65.218.223.194 or ns1.nnmt.net. (an authoritative nameserver for 223.218.65.in-addr.arpa., which is in charge of the reverse DNS for 65.218.223.194) says that there are no PTR records for 65.218.223.194.
Correct. However, http://www.dnsstuff.com/tools/whois.ch?ip=65.218.223.194 leads to http://www.dnsstuff.com/tools/whois.ch?ip=!NET-65-218-223-0-1&server=whois.arin.net which shows that the IP belongs to "NOrthern New Mexico Telecom". A Google search leads to http://www.nnmt.net/, so [EMAIL PROTECTED] would be appropriate here.
Is it possible that the virus is spoofing these messages ip?
No. Although IP spoofing is technically possible, it would be nearly impossible for a virus to spread while spoofing its IP.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
