[Dshield] SMTP question....
josh at raintreeinc.com
Mon Aug 8 18:22:34 GMT 2005
Valdis.Kletnieks at vt.edu wrote:
> No, "spoofed e-mail" usually means that you connected to the target
> port 25 via a normal TCP connection, sent it a bogus MAIL FROM and/or
> and in the DATA phase, included From:/To: headers as desired, usually
> one or more forged Received: lines to confuse people and possibly
You're right - I misinterpreted the original email. In answer to the
original question, now hopefully correctly interpreted, it is easy to
spoof email headers without spoofing the source IP address, however
systems like spamcop pay attention to the IP address the email comes
from, and ignore email headers, specifically because headers are easy to
spoof, and relatively speaking, the source IP is not.
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (800) 333-1033
More information about the list