Since Sobig has its own SMTP server, the sending IP many times will not have PTR or rDNS records -- it is a desktop somewhere in most cases.
> -----Original Message-----
> Ok let me get this one straight!
> The IP address that shows up in the remote IP address block is a legit
> way to track these? So in the returned mail below the guilty party would
> be:
> 65.218.223.194 or ns1.nnmt.net. (an authoritative nameserver for
> 223.218.65.in-addr.arpa., which is in charge of the reverse DNS for
> 65.218.223.194)
> says that there are no PTR records for 65.218.223.194.
>
> Is it possible that the virus is spoofing these messages' IP?
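
An added example, not part of the original thread: one way to pull the connecting IP out of the Received header written by your own server and check it for a PTR record. The sample headers, the hostnames in them, and the bracketed-IP Received format are assumptions constructed for illustration; only the IP address comes from the thread.

```python
import email
import ipaddress
import re
import socket

# Constructed sample headers. Hostnames and the lower Received line are
# made up; the top IP is the one discussed in the thread.
SAMPLE = """\
Received: from PC-EXAMPLE [65.218.223.194] by mail.example.com;
  Tue, 26 Aug 2003 10:15:02 -0400
Received: from forged.example.net [10.9.8.7] by relay.example.net;
  Tue, 26 Aug 2003 10:14:00 -0400
From: someone@example.org
Subject: Re: Details

"""

# Assumption: the receiving server logs the peer address in square brackets.
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(raw_headers):
    """Return the IP from the topmost Received header (the one our own
    server wrote). Lower Received lines were supplied by the sender."""
    msg = email.message_from_string(raw_headers)
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = IP_IN_BRACKETS.search(received[0])
    return ipaddress.ip_address(match.group(1)) if match else None


def ptr_lookup(ip, resolver=socket.gethostbyaddr):
    """Return (reverse_name, hostname or None). A missing PTR is returned
    as None instead of raising, since it is the expected case here."""
    try:
        host = resolver(str(ip))[0]
    except (socket.herror, socket.gaierror):
        host = None
    return ip.reverse_pointer, host


if __name__ == "__main__":
    ip = connecting_ip(SAMPLE)
    print(ip, *ptr_lookup(ip))  # performs a live DNS query
```
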
