Just wanted to gain some additional knowledge from the forum on the following. With the Klez virus (among others), it is widely known that the "from" address will most likely be spoofed. However, if you look at the full header, does Klez and the like, also attempt to spoof the IP address in which the request originated from to your (my) server. For example, some headers list Received from 'server name' (IP address) by domain.name with SMTP ID xxxx for email.address on Date Does Klez spoof the server name and IP address from the originator. Thank you for your aid and knowledge!!Some viruses do spoof the server name (by sending "HELO mail.example.com", when they aren't really mail.example.com).
However, there aren't any viruses currently that forge the IP address, nor is it expected that there will be any in the near future. Forging an IP address is extremely difficult to do, and close to impossible on most versions of Windows.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
