[Dshield] Can an SMTP Client be Spoofed?
dshield at oitc.com
Mon Apr 24 16:15:40 GMT 2006
At 11:29 AM -0400 4/24/06, David Cary Hart wrote:
>While I realize that headers are subject to manipulation, I have
>always assumed that the IP address of the connecting machine (as
>represented in the mail log) has an extraordinary probability of
>being correct. Is my assumption valid?
Yes SMTP requires TCP which is a bidirectional protocol which
required a valid IP
>Getting back to the headers, has anyone seen a situation where the
>client depicted in the email headers does not match the client
>depicted in the logs?
client? do you mean host?
More information about the list