At 08:42 PM 4/24/01 -0400, Peter Kaulback wrote the following:
>>TIP: When replying to someone directly from a mailing list, do NOT type the
>>address -- always "cut-and-paste" from the mailing list to the new message
>>to insure that you don't accidently mistype the address.
>
>Thanks Gerry, and if you cut and paste with your mouse then be sure to
>trim the extra blank character off the end, it always happens to me. My
>email is a sub address and my provider has rules for subs, these are that
>sub addresses must be no longer than eight characters in length, hence I
>dropped the c from my last name. If anyone would like to check out the
>program themselves then please proceed to
>http://www.er.uqam.ca/merlin/fg591543/bsm/ and for the curios persons, the
>url in the readme points to an invalid military address. Enjoy.
Bad bad idea. "From:" headers are the easiest to forge.
Example:
Date: Sat, 7 Mar 1998 16:51:44 -0800 (PST)
From: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Received: from mail.vnn.vn by hanoi-fw-ex.vnn.vn
via smtpd (for mail3.netcom.com [192.100.81.127]) with SMTP; 8
Mar 1998 00:51:26 UT
Received: from hanoi-fw.vnn.vn ([203.162.0.100]) by mail.vnn.vn
(Netscape Mail Server v2.02) with SMTP id AAA322
for <[EMAIL PROTECTED]>; Sun, 8 Mar 1998 07:50:27 +0700
Received: from netcom16.netcom.com ([192.100.81.129]) by hanoi-fw.vnn.vn
via smtpd (for mail.vnn.vn [203.162.0.9]) with SMTP; 8 Mar
1998 00:48:18 UT
To: <[EMAIL PROTECTED]>
X-UIDL: 8e0cb18c27cfcc2197db33dd7530b350
Note that my true userid is embedded in the Received: header.
And another faked (spoofed) "From", "Reply-To" and "Organization"
Received: from hawk.prod.itd.earthlink.net (hawk.prod.itd.earthlink.net
[207.217.120.22])
by no2.superb.net (8.11.1/8.11.1) with ESMTP id f22K5xv12202
for <[EMAIL PROTECTED]>; Fri, 2 Mar 2001 15:05:59 -0500 (EST)
Received: from pacer2 (hsa184.pool015.at101.earthlink.net [216.249.86.184])
by hawk.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with SMTP id
MAA14914
for <[EMAIL PROTECTED]>; Fri, 2 Mar 2001 12:05:58 -0800 (PST)
Message-ID: <001301c0a353$feb287e0$a64cfea9@pacer2>
Reply-To: "Somebody" <[EMAIL PROTECTED]>
From: "Somebody" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Test message
Date: Fri, 2 Mar 2001 12:04:31 -0800
Organization: SomeOrganization
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
X-Sorted: Default
Status: RO
Again, notice that real sender is embedded in Received: header
--
Gerry Boyd -- [EMAIL PROTECTED]
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
