[Dshield] SMTP question....

Josh Tolley josh at raintreeinc.com
Mon Aug 8 18:22:34 GMT 2005


Valdis.Kletnieks at vt.edu wrote:
 > No, "spoofed e-mail" usually means that you connected to the target machine's
 > port 25 via a normal TCP connection, sent it a bogus MAIL FROM and/or RCPT TO,
 > and in the DATA phase, included From:/To: headers as desired, usually including
 > one or more forged Received: lines to confuse people and possibly redirect blame
 > elsewhere....

You're right - I misinterpreted the original email. In answer to the 
original question, now hopefully correctly interpreted, it is easy to 
spoof email headers without spoofing the source IP address; however, 
systems like spamcop pay attention to the IP address the email comes 
from, and ignore email headers, specifically because headers are easy to 
spoof, and relatively speaking, the source IP is not.

--
Josh Tolley
Raintree Systems, Inc.
http://www.raintreeinc.com
Office Phone: (801) 293-3090
Corporate Office: (800) 333-1033
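
The distinction drawn in this thread, as an added example that is not part of the original posts: when tracing a message, only the Received: lines stamped by your own mail servers are evidence, and the connecting IP recorded there is the source to act on. The hostnames, relay IP and sample message below are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample. Only the top Received line was written by our own MX
# (hypothetical mx.example.net); the two below it arrived inside DATA.
SAMPLE = """\
Received: from mail.bank.example (unknown [203.0.113.45])
\tby mx.example.net (Postfix) with SMTP id 4F2A1
\tfor <user@example.net>; Mon, 8 Aug 2005 18:00:02 +0000
Received: from internal.bank.example (internal.bank.example [192.0.2.10])
\tby mail.bank.example with ESMTP; Mon, 8 Aug 2005 17:59:40 +0000
Received: from [198.51.100.7] by internal.bank.example; Mon, 8 Aug 2005 17:59:01 +0000
From: "Bank Support" <support@bank.example>
To: user@example.net
Subject: constructed test message

body
"""

TRUSTED_MTAS = {"mx.example.net", "store.example.net"}  # assumption: our hosts
TRUSTED_RELAY_IPS = {"192.0.2.25"}                      # assumption: our relays
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def split_received(raw):
    """Return (by_host, peer_ip) for each Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        by = BY_RE.search(flat)
        from_part = flat[:by.start()] if by else flat
        ip = IP_RE.search(from_part)
        out.append((by.group(1).lower() if by else None,
                    ip.group(1) if ip else None))
    return out

def trusted_source_ip(raw):
    """IP of the first peer outside our network, or None if not provable."""
    for by_host, ip in split_received(raw):
        if by_host not in TRUSTED_MTAS:
            return None   # top of the chain was not written by us
        if ip not in TRUSTED_RELAY_IPS:
            return ip     # our server logged this peer; ignore all lines below
    return None

if __name__ == "__main__":
    print(trusted_source_ip(SAMPLE))
```

The walk stops at the first peer that is not one of our own relays, so a Received: line below that point is ignored even if it claims to have been written by one of our hosts.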

