On Dec 12, 2007 1:13 AM, Martin Kealey <[EMAIL PROTECTED]> wrote: > > > On of the problems we encounter as an ISP is the occassional customer > account getting hijacked and used to send spam from the webmail interface. > > To assist in tracking down the perpetrators, we've created a patch that > inserts a Received header that records information so we can track down the > compromised account. (In particular, the timestamp, source IP address and > login name.) > > The header is formatted like this: > > Received: from [ip-address] (host.domain; login=username) > by hostname-of-server > with HTTP/version ; > datestamp > > You might wonder "why use the Received header"; well, the simple reason is > so it can be processed the same way as any other spam report - and we get a > lot of those. > > Is this of interest to anyone else?
Isn't this what people use the "X-Sender"-header for? If I remember correctly that would be the defacto standard - but it would "only" contain an IP. ;-) Regards, Till _______________________________________________ List info: http://lists.roundcube.net/dev/
