There is a lot of documentation on the rfc on the mail header structure. Normally in the mail header is write the "sending ip address of the mail" doesn't mean obviously it is the real ip ( spoofing / bouncing ).
anyway: Check RFC2505 BCP0030 ( Anti-Spam recommendation for SMTP MTAs ) is a nice brefiew of some recomandations. Normally i suggest if you have to install a mailserver to take care first of the policy to be "forced" to the employes and verify in your country if the policy are "law compliant" cause in a lot of cases i saw that virus are sent from the users you got ( this is common in italy were a lot of company don't have an antivirus installed on their network ). At disposition. Bye Luigi Grandini IT Security Evangelist www.sinergy.it ----- Original Message ----- From: Marty <[EMAIL PROTECTED]> Date: Thursday, February 20, 2003 7:32 pm Subject: Email headers > Hi group, > > Could someone explain how to decipher Email header? How can we > know the > real sender of spam or virus email? > > Thanks, > > Marty > >