[Dshield] Can an SMTP Client be Spoofed?

Tom dshield at oitc.com
Mon Apr 24 16:15:40 GMT 2006

At 11:29 AM -0400 4/24/06, David Cary Hart wrote:
>While I realize that headers are subject to manipulation, I have
>always assumed that the IP address of the connecting machine (as
>represented in the mail log) has an extraordinary probability of
>being correct. Is my assumption valid?

Yes. SMTP requires TCP, which is a bidirectional protocol that requires a valid IP.

>Getting back to the headers, has anyone seen a situation where the
>client depicted in the email headers does not match the client
>depicted in the logs?

Client? Do you mean host?
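
Added example, not part of the original thread: one way to run the header-versus-log comparison asked about above. It assumes Postfix-style log lines and Received headers with short hexadecimal queue IDs; the sample log lines, message, hostnames and addresses are constructed. Only the topmost Received header is written by the receiving MTA, so it is the only hop the local log can confirm.

```python
import re
from email import message_from_string

# Constructed sample data; the Postfix-style formats are an assumption.
LOG_LINES = [
    "Apr 24 16:15:38 mx postfix/smtpd[2114]: connect from unknown[203.0.113.7]",
    "Apr 24 16:15:39 mx postfix/smtpd[2114]: 4F1A2B3C9D: client=unknown[203.0.113.7]",
]
RAW_MESSAGE = (
    "Received: from mail.example.org (unknown [203.0.113.7])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 4F1A2B3C9D\n"
    "\tfor <user@example.net>; Mon, 24 Apr 2006 16:15:39 +0000 (GMT)\n"
    "Received: from relay.example.com (relay.example.com [198.51.100.25])\n"
    "\tby mail.example.org with SMTP id abc123; Mon, 24 Apr 2006 16:15:30 +0000\n"
    "From: sender@example.com\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

LOG_CLIENT = re.compile(r"smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
HDR_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")
HDR_ID = re.compile(r"\bid\s+([0-9A-Za-z]+)")

def log_clients(lines):
    """Map queue ID -> IP of the TCP peer, as recorded by the MTA itself."""
    return {m.group(1): m.group(2) for l in lines if (m := LOG_CLIENT.search(l))}

def received_hops(raw):
    """Return (queue_id, ip) per Received header, topmost (newest) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        ip, qid = HDR_IP.search(flat), HDR_ID.search(flat)
        hops.append((qid.group(1) if qid else None, ip.group(1) if ip else None))
    return hops

def check(raw, lines):
    """Label each hop 'match', 'MISMATCH', or 'unverifiable' against the log."""
    clients = log_clients(lines)
    results = []
    for qid, ip in received_hops(raw):
        if qid not in clients:
            # Written by an upstream host; our log has nothing to say about it.
            results.append((ip, "unverifiable"))
        else:
            results.append((ip, "match" if clients[qid] == ip else "MISMATCH"))
    return results
```

A `MISMATCH` on the topmost hop means the header and the log disagree about the connecting machine for the same queue ID, which is the situation the question asks about.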


