Thanks, I needed to know that because I was recently blessed out by a person screaming about getting emails from system telling them I didn't accept certain file type they told me they didn't have a virus yada yada yada and that they a good virus scanner and it was up to date! And this was all done before I could get the virus def updates so really I my system was protecting me until I got the updates. I will however enjoy sending the administrator an email back explaining that maybe they should look a little deeper. It was not the one listed below but another and I actually have the smtp ip and the senders ip it sent it for which was another ip in there domain. Thanks again Allen
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, August 21, 2003 2:18 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] WAY OT--Tracking Sobig >Ok let me get this one straight! >The IP address that shows up in the remote IP address block is a legit >way to track these? Correct. >So in the returned mail below the guilt party would be: >65.218.223.194 or ns1.nnmt.net. (an authoritative nameserver for >223.218.65.in-addr.arpa., which is in charge of the reverse DNS for >65.218.223.194) >says that there are no PTR records for 65.218.223.194. Correct. However, http://www.dnsstuff.com/tools/whois.ch?ip=65.218.223.194 leads to http://www.dnsstuff.com/tools/whois.ch?ip=!NET-65-218-223-0-1&server=who is.arin.net which shows that the IP belongs to "NOrthern New Mexico Telecom". A Google search leads to http://www.nnmt.net/, so [EMAIL PROTECTED] would be appropriate here. >Is it possible that the virus is spoofing these messages ip? No. Although IP spoofing is technically possible, it would be nearly impossible for a virus to spread while spoofing its IP. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This email has been prescanned for viruses by Declude and F-Prot] --- [This email has been prescanned for viruses by Declude and F-Prot] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
