[OFB Cafe] Tracking email through headers (Was: Threading (Was: BioFuels))
Derek Broughton
auspex at pointerstop.ca
Thu Jul 24 21:04:16 CDT 2008
On July 24, 2008 17:52:12 Rick Bowers wrote:
> In the following header, I'm betting the From: ID was spoofed. The
> first "Received:" is probably the originating SMTP server, right?
It could be, but every server it passes through is expected to add a Received
header, and so it's always possible for a spammer to start with a string of
forged headers.
> (Received: from AC5-Webproxy71.direcpc.com
> (dpc67142107229.direcpc.com [67.142.107.229])). What else can I tell from
> this?
Well, you can tell it comes from a DirecPC satellite customer - except if the
sender has spoofed his IP address :-). It _looks_ valid (my connection is
via DirecPC too). Now, DirecPC addresses are fixed - so you could just
complain to DirecPC - but odds are good they'd tell you it's a reseller's
account (e.g., I use Xplornet, which buys the satellite service from DirecPC
and sells it to Canadian customers), then you'd have to complain to the
reseller. In any case, it's likely a violation of their terms of service,
but I've never managed to get an ISP to care about that...
--
derek
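
Added example, not part of the original message: a Python sketch of reading a Received chain newest-first and stopping at the last hop stamped by a server the recipient controls, since anything below that point could be forged as described above. It assumes Postfix/sendmail-style `from ... ([ip]) by ...` lines; the sample message is constructed, with only the direcpc.com hop taken from the quoted header and `example.org` standing in for the recipient's own servers.

```python
import re
from email import message_from_string

# Assumed line shape: "from HELO (rdns [ip]) ... by HOST"; real formats vary by MTA.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\).*?\bby\s+(?P<by>\S+)")

# Constructed sample. The bottom Received line plays the forged header.
RAW = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.example.org with ESMTP; Thu, 24 Jul 2008 17:40:02 -0500
Received: from AC5-Webproxy71.direcpc.com (dpc67142107229.direcpc.com [67.142.107.229])
\tby mx.example.org with SMTP; Thu, 24 Jul 2008 17:39:58 -0500
Received: from bank.example.com (bank.example.com [198.51.100.7])
\tby relay.invalid with SMTP; Thu, 24 Jul 2008 17:30:00 -0500
From: someone@example.com
Subject: constructed sample

body
"""

def received_chain(raw):
    """Return hops newest-first; lines that do not parse get all-None fields."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        hops.append(m.groupdict() if m else dict.fromkeys(("helo", "rdns", "ip", "by")))
    return hops

def trust_boundary(hops, trusted):
    """Return (last hop stamped by a trusted server, hops that cannot be verified)."""
    boundary = None
    for i, hop in enumerate(hops):
        if hop["by"] is None or hop["by"].lower() not in trusted:
            return boundary, hops[i:]
        boundary = hop
    return boundary, []

if __name__ == "__main__":
    edge, rest = trust_boundary(received_chain(RAW), {"mail.example.org", "mx.example.org"})
    print("handed to our servers by:", edge["helo"], edge["ip"])
    for hop in rest:
        print("unverifiable:", hop["helo"], hop["ip"], "by", hop["by"])
```

The peer IP in the boundary hop was recorded by the recipient's own server, so it is the only address in the chain worth taking to an ISP's abuse desk.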