viruses and worms use their own smtp engine to spread themselves, which
means they're not sent from the mailserver of a domain but from the
infected pc itself. therefor they also have a different ip (the ip of the
infected computer) than the ip of the mailserver.
but you'r definitely right, the best way to protect yourself from stuff
like that is checking the content!
bye,
peter
On Fri, 30 Apr 2004 15:42:59 +0100, Matt Chester <[EMAIL PROTECTED]> wrote:
I'd be careful even with that method to be honest, as some of these
viruses
do genuinely send emails from people you know / trust, having infected
their
email systems and fired off messages to all their contacts. (ie the IP
address can be genuine even if the message is not) The best indicator is
really the content itself - most of these ones ask you to check an
attachment, which installs the virus, and they usually just contain 3 or
4
words of text, and an obvious subject like 'read it immediately.
