[Dshield] SMTP question....

Josh Tolley josh at raintreeinc.com
Mon Aug 8 18:22:34 GMT 2005

Valdis.Kletnieks at vt.edu wrote:
 > No, "spoofed e-mail" usually means that you connected to the target 
 > port 25 via a normal TCP connection, sent it a bogus MAIL FROM and/or 
 > and in the DATA phase, included From:/To: headers as desired, usually 
 > one or more forged Received: lines to confuse people and possibly 
redirect blame
 > elsewhere....

You're right - I misinterpreted the original email. In answer to the 
original question, now hopefully correctly interpreted, it is easy to 
spoof email headers without spoofing the source IP address, however 
systems like spamcop pay attention to the IP address the email comes 
from, and ignore email headers, specifically because headers are easy to 
spoof, and relatively speaking, the source IP is not.

Josh Tolley
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (800) 333-1033

More information about the list mailing list