On Fri, 9 Jun 2000 at 15:34, Holden Hao wrote:
>Am I right to assume that it originally came from an ISP subscriber
>connected through 202.163.235.19 who made an SMTP connection at 9:55 AM
>on June 9? What do the two other "Received:" entries mean above?
Received headers are put with the latest at the top by servers at every
"mail hop" they go through (don't know if it's the right term to use). So
if by "originally" you mean the person continuing the worm, yes, I think
you're right with your assessment. :)
>Mail headers can be spoofed, but can envelope headers be spoofed? How?
Envelope headers can be spoofed too because it's basically text. For
example, the person can do his/her best to pretend that his/her computer
is just a relay, and that someone else sent it via his/her computer as a
relay. Of course the legitimate SMTP server that accepts the message from
the spoofer should give honest data and from there to the final
destination envelope headers will be accurate.
>Does the X-Mailer entry above refer to the MUA used to send this email?
Normally, yes. But then it could be added just to spice the message
up. It's just text. :)
-+[ Jijo Sevilla ]+-
[EMAIL PROTECTED]
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
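
The reply makes two points: Received lines are stacked newest-first, and only the ones stamped by legitimate servers can be relied on. The Python below is an added example, not part of the original message, that walks the headers from the top and marks where that reliable run ends. The sample message, its host names and documentation-range addresses are constructed, the function names are hypothetical, and which servers count as trusted is the analyst's assumption.

```python
import re
from email import message_from_string

# Constructed sample (hypothetical hosts, documentation-range IPs). The bottom
# Received line is one the sending machine wrote itself to look like a relay.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.dest.example with ESMTP; Fri, 9 Jun 2000 09:56:02 +0800
Received: from pc1 (dialup-19.isp.example [192.0.2.77])
\tby mx.isp.example with SMTP; Fri, 9 Jun 2000 09:55:40 +0800
Received: from innocent.example ([198.51.100.5])
\tby pc1 with SMTP; Fri, 9 Jun 2000 09:50:00 +0800
From: someone@isp.example
X-Mailer: Anything the sender likes
Subject: constructed test

body
"""

# "from <helo> (... [<ip>]) by <server>"; re.S lets it span folded lines.
HOP = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>\S+)",
    re.S)

def trace_hops(raw, trusted_servers):
    """Return hops newest-first. 'verified' is True only for the unbroken run
    of headers at the top that were stamped by servers we trust."""
    hops, chain_ok = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        by = m.group("by").lower() if m else None
        # One untrusted or unparseable stamp breaks the chain for all below it.
        chain_ok = chain_ok and by in trusted_servers
        hops.append({"by": by, "helo": m and m.group("helo"),
                     "ip": m and m.group("ip"), "verified": chain_ok})
    return hops

def last_verified_peer(hops):
    """Peer IP recorded by the deepest verified hop: the best origin evidence."""
    verified = [h for h in hops if h["verified"]]
    return verified[-1]["ip"] if verified else None

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE, {"mail.dest.example", "mx.isp.example"}):
        print(hop)
```

Everything below the last verified hop, like the From and X-Mailer lines, is text supplied by the sender and is reported but not relied on.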