You can check the email headers to find the actual routing of the email. For example the message you sent has these headers:
Return-Path: <[EMAIL PROTECTED]> Received: from lists.gnac.net (lists.gnac.net [209.182.195.144]) by point.pch.gc.ca (8.9.3/8.9.3) with ESMTP id CAA21007 for <[EMAIL PROTECTED]>; Wed, 29 May 2002 02:37:38 -0400 (EDT) Received: from lists.gnac.net (localhost [127.0.0.1]) by lists.gnac.net (Postfix) with ESMTP id 1B80810468; Tue, 28 May 2002 23:37:35 -0700 (PDT) Delivered-To: [EMAIL PROTECTED] tReceived: from ithaca.logos.cy.net (ithaca.logos.cy.net [194.30.128.35]) by lists.gnac.net (Postfix) with ESMTP id 1839610442 for <[EMAIL PROTECTED]>; Wed, 22 May 2002 05:17:23 -0700 (PDT) Received: from astylianou (itd-130.bankofcyprus.com [194.30.142.130]) by ithaca.logos.cy.net (Switch-2.0.1/Switch-2.0.1) with SMTP id g4MCEgr22817 for <[EMAIL PROTECTED]>; Wed, 22 May 2002 15:14:42 +0300 (EEST) Message-ID: <009b01c2018a$85e817d0$b905010a@astylianou> From: "Andreas Stylianou" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Question on E-mail MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0094_01C201A3.50DF6570" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: [EMAIL PROTECTED] Errors-To: [EMAIL PROTECTED] X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.0.5 Precedence: bulk List-Help: <mailto:[EMAIL PROTECTED]?subject=help> List-Post: <mailto:[EMAIL PROTECTED]> List-Subscribe: <http://lists.gnac.net/mailman/listinfo/firewalls>, <mailto:[EMAIL PROTECTED]?subject=subscribe> List-Id: Firewalls <firewalls.lists.gnac.net> List-Unsubscribe: <http://lists.gnac.net/mailman/listinfo/firewalls>, <mailto:[EMAIL PROTECTED]?subject=unsubscribe> List-Archive: <http://lists.gnac.net/pipermail/firewalls/> Date: Wed, 22 May 2002 15:14:06 +0300 As you can see there are a series of Received lines in reverse chronological order that show the passage of the message through the Internet from your mail server to he firewalls server, then (a week later) going out again to my email forwarder, then to me. RFC822 headers have format headername: headerdata with the data indented with white space on lines following first. The last Received line is one supposedly created by first host after original sending host. Received: from astylianou (itd-130.bankofcyprus.com [194.30.142.130]) by ithaca.logos.cy.net (Switch-2.0.1/Switch-2.0.1) with SMTP id g4MCEgr22817 for <[EMAIL PROTECTED]>; Wed, 22 May 2002 15:14:42 +0300 (EEST) It says that a machine with IP address [194.30.142.130] that has reverse lookup of itd-130.bankofcyprus.com but that responds to SMTP with name astylianou (looks like your name) connected to a host that calls itself ithaca.logos.cy.net using a Mail Transfer Agent (MTA) called Switch-2.0.1/Switch-2.0. the transaction had id g4MCEgr22817 (useful for checking in logs). It had a recipient address of the firewalls list and it was received by cy.net at Wed, 22 May 2002 15:14:42 +0300 (EEST) (East European Standard time 3 hours east of UTC). So it looks like a server for the same ISP as you claim to come from (zenon.logos.cy.net) sent the message. But of course, a computer smart person who is faking the From: name can also add these lines as well. Looking at your post, you can see that it sat at lists.gnac.net for a week before being sent out to the mailing list. This was probably because it needed to be reviewed by a moderator since you were not a member of this list when you sent it. To check on whether the address a message purports to come from is valid, look for an MX entry in the DNS for that domain (or the actual hoist if there is no MX). If the host is the same as the first or second host in the Received chain, you can be more assured that it is true. But someone else on the same ISP can fake the from address and still have everything else valid. You can also attempt to see if the sending machine knows about the sender address: Using Sam Spade (http://www.samspade.org), a very useful tool, I find: 05/29/02 21:42:15 SMTP Verify [EMAIL PROTECTED], at mail-gw.logos.cy.net Contacting 194.30.128.35 220 ithaca.logos.cy.net ESMTP Sendmail Switch-2.0.1/Switch-2.0.1; Thu, 30 May 2002 04:40:00 +0300 (EEST) HELO example.com 250 ithaca.logos.cy.net Hello CPE00501809be61.cpe.net.cable.rogers.com [24.112.59.50], pleased to meet you VRFY [EMAIL PROTECTED] 252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger) EXPN [EMAIL PROTECTED] 502 5.7.0 Sorry, we do not allow this operation Doesn't want to talk to us RSET 250 2.0.0 Reset state MAIL FROM:<[EMAIL PROTECTED]> 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok RCPT TO:<[EMAIL PROTECTED]> 250 2.1.5 <[EMAIL PROTECTED]>... Recipient ok RCPT TO:<[EMAIL PROTECTED]> 250 2.1.5 <[EMAIL PROTECTED]>... Recipient ok RSET 250 2.0.0 Reset state QUIT 221 2.0.0 ithaca.logos.cy.net closing connection This gives even more evidence that you didn't fake it. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andreas Stylianou Sent: Wed May 22 2002 08:14 To: [EMAIL PROTECTED] Subject: Question on E-mail Dear all, I believe that any one can change the From: field in its e-mail program and enter somebody else's e-mail address pretending that he/she is that person sending the e-mail. Is there anyway that either the mail is not sent at all or the recipient knows that the e-mail received is not actually sent by the person whose name is stated in the from field. Thank you Andreas ---------------- This e-mail and any files transmitted with it are confidential and they are intended solely for the use of the intended recipient. The content of this email and any files transmitted with it may have been changed or altered without the consent of the author. If you are not the intended recipient, please note that any review, dissemination, disclosure, alteration, printing, copying or transmission or retransmission of this email and/or any file transmitted with it is prohibited and may be unlawful. Although the Bank of Cyprus Group has taken steps to ensure that this e-mail and attachments are free from virus, we advise that the recipient should ensure that they are actually virus free. The Bank of Cyprus Group cannot accept responsibility for any loss or damage arising from the use of this email or attachments. ---------------- _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls