On Wed, 2002-06-26 at 04:42, Jeremy Anderson wrote:
> 3) The only "real" information here can be found in the first Received: line. Note
> the IP address:
>
> 131.95.135.162
>
> This is the "address" of the machine which is originating these messages. This
> cannot easily be forged or erased. The only potential "gotcha" in the case of these
> originating addresses is if they are an RFC 1918 (private network) address. These
> are addresses which begin with 192.168, 172.16, or 10. You can find a full
> explanation of these addresses here:
>

Erasing or forging real Received: lines is hard, but there is no guarantee that the first one you see is actually the first one. A favorite spammer tactic is sending out mail that already has half a dozen bogus Received lines to throw you off; the first real one will be somewhere in the middle (and the timestamps may give it away).
--
Jason Kohles [EMAIL PROTECTED]
Senior Engineer
Red Hat Professional Consulting
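The timestamp check mentioned in the reply above, as an added example that is not part of the original message: it walks the Received headers from the newest hop downward and reports where the chain stops being chronologically consistent. The sample message, the function names and the five-minute skew tolerance are assumptions made for illustration.

```python
import email
import re
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Constructed sample (documentation addresses and hostnames, not from the post).
# Each relay prepends its header, so the top line is the newest hop.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org; Wed, 26 Jun 2002 04:40:12 -0400
Received: from unknown (HELO relay) ([203.0.113.45])
\tby mx.example.net; Wed, 26 Jun 2002 04:40:05 -0400
Received: from smtp.example.com ([192.0.2.10])
\tby gateway.example.com; Wed, 26 Jun 2002 09:15:00 -0400
Received: from localhost ([192.0.2.99])
\tby smtp.example.com; Tue, 25 Jun 2002 01:00:00 -0400
Subject: constructed test message

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return [(ip_or_None, datetime_or_None)] per Received header, newest first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        ip = IP_RE.search(value)
        try:
            when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        except (IndexError, TypeError, ValueError):
            when = None  # a missing or unparseable date is itself suspicious
        hops.append((ip.group(1) if ip else None, when))
    return hops

def first_suspect(raw, skew=timedelta(minutes=5)):
    """Index (from the top) of the first header with no usable date or a time
    later than the hop above it; None if the whole chain is consistent."""
    hops = parse_hops(raw)
    for i, (_, when) in enumerate(hops):
        if when is None or (i > 0 and when > hops[i - 1][1] + skew):
            return i
    return None

def origin_candidate(raw):
    """Peer IP recorded by the last hop before the chain stops making sense."""
    hops, bad = parse_hops(raw), first_suspect(raw)
    last_good = (len(hops) if bad is None else bad) - 1
    return hops[last_good][0] if last_good >= 0 else None
```

A consistent timestamp chain does not prove the headers are genuine, since forged lines can carry plausible dates; only headers written by relays you control are authoritative.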
